Wednesday, 7 October 2015

Casper: Configuring Supported Ciphers for Tomcat HTTPS Connections


<< Error Message >>
"Server has a weak ephemeral Diffie-Hellman public key" or ERR_SSL_WEAK_EPHEMERAL_DH_KEY

<< Solution >>
1. Open the server.xml file in a text editor
The server.xml file is located in:
    - Mac: /Library/JSS/Tomcat/conf/server.xml
    - Linux: /usr/local/jss/tomcat/conf/server.xml
    - Windows: C:\Program Files\JSS\Tomcat\conf\server.xml
* Note: It is recommended that you create a backup of the server.xml file before replacing the existing ciphers.

2. Search for the ciphers attribute in the Connector element for port="8443"

3. Replace the existing ciphers with the ciphers listed below. If the ciphers attribute is not present, add it to the Connector element.
ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"
* Note: In addition, if you are running Java 1.6 or a JDS instance in your environment, you must also include the following cipher:
TLS_RSA_WITH_AES_128_CBC_SHA

4. Save and close the server.xml file

5. Restart Tomcat
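The steps above can be scripted so the backup, the attribute replacement and a sanity check happen together. The list in step 3 contains only ECDHE/ECDH suites, so the server never negotiates a finite-field ephemeral Diffie-Hellman (TLS_DHE_*) suite, which is the key exchange the browser's weak-DH check rejects. The script below is an added example written for this post, not code from the original post or from the JSS/Jamf product; the sample server.xml it edits and the temporary directory it works in are constructed for illustration, and `demo()` exercises the whole procedure against that sample.

```python
"""Apply the post's cipher list to the port-8443 Connector in a Tomcat
server.xml, backing the file up first.

Added example, not from the original post or from JSS/Jamf.  The sample
server.xml and the temp paths used by demo() are constructed.
"""
import shutil
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Cipher list from the post: ECDHE/ECDH key exchange only.  No TLS_DHE_*
# suite is offered, so the browser's weak-ephemeral-DH check never applies.
APPROVED_CIPHERS = ",".join([
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
])
# Extra suite the post requires when Java 1.6 or a JDS instance is in use.
LEGACY_JAVA6_CIPHER = "TLS_RSA_WITH_AES_128_CBC_SHA"

# Constructed sample: a minimal server.xml whose HTTPS Connector still
# offers a DHE suite, i.e. the kind of configuration that triggers the error.
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <!-- keep this comment: the rewrite must not drop it -->
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS"
               ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"/>
  </Service>
</Server>
"""


def ephemeral_dh_suites(ciphers: str) -> list:
    """Suites in a comma-separated list that use finite-field ephemeral DH."""
    return [c for c in ciphers.split(",") if "_DHE_" in c]


def find_connector(root: ET.Element, port: str = "8443"):
    """Return the Connector element for the given port, or None."""
    for conn in root.iter("Connector"):
        if conn.get("port") == port:
            return conn
    return None


def set_ciphers(server_xml: Path, include_legacy: bool = False, port: str = "8443") -> str:
    """Back up server.xml, then replace (or add) the ciphers attribute on the
    Connector for the given port.  Returns the value written."""
    shutil.copy2(server_xml, server_xml.with_name(server_xml.name + ".bak"))
    # insert_comments=True keeps XML comments, which ElementTree drops by default.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    tree = ET.parse(server_xml, parser=parser)
    conn = find_connector(tree.getroot(), port)
    if conn is None:
        raise ValueError(f"no Connector with port={port!r} in {server_xml}")
    value = APPROVED_CIPHERS + ("," + LEGACY_JAVA6_CIPHER if include_legacy else "")
    conn.set("ciphers", value)  # replaces an existing attribute or adds a missing one
    tree.write(server_xml, encoding="UTF-8", xml_declaration=True)
    return value


def demo() -> dict:
    """Run the procedure against the constructed sample in a temp directory."""
    work = Path(tempfile.mkdtemp())
    server_xml = work / "server.xml"
    server_xml.write_text(SAMPLE_SERVER_XML, encoding="utf-8")
    before = find_connector(ET.fromstring(SAMPLE_SERVER_XML)).get("ciphers")
    after = set_ciphers(server_xml)
    reread = find_connector(ET.parse(server_xml).getroot()).get("ciphers")
    return {
        "weak_before": ephemeral_dh_suites(before),
        "weak_after": ephemeral_dh_suites(after),
        "written_matches_reread": after == reread,
        "backup_exists": (work / "server.xml.bak").exists(),
        "comment_kept": "keep this comment" in server_xml.read_text(encoding="utf-8"),
        "suite_count": len(after.split(",")),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

To apply it to a real install, call `set_ciphers(Path("/usr/local/jss/tomcat/conf/server.xml"))` (or the Mac or Windows path from step 1) with `include_legacy=True` where the Java 1.6/JDS note applies, then restart Tomcat as in step 5. ElementTree rewrites the file in its own formatting even though comments survive, so diff the result against the `.bak` copy before restarting; `ephemeral_dh_suites()` is a quick way to confirm that no TLS_DHE_* suite remains in whatever list you end up with.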
