
FF 39 SSL received a weak ephemeral Diffie-Hellman key in Se

OK, using ZCM 11.2.3 (and not intending to upgrade, as moving away from ZCM in the next few months)

So not really expecting a miracle solution, but will ask anyway...

After upgrade to Firefox 39, can no longer connect to Zenworks due to

SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

That is due to this fix:

https://bugzilla.mozilla.org/show_bug.cgi?id=1138554

Any ideas? Or is the downgrade the only option?

Seb

Spgsitsupport,

let me ask Novell... (you've no idea how odd it feels to say that)

--

Shaun Pond
newly reminted as a Knowledge Professional



Thanks, got it sorted with reading this:

https://forums.novell.com/showthread.php/432003-Disable-Weak-Ciphers-on-ZCM-server

and using this:

ciphers="TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"

Seb

Spgsitsupport,

nice!

--

Shaun Pond
newly reminted as a Knowledge Professional



spgsitsupport;2397255 wrote:
Thanks, got it sorted with reading this:

https://forums.novell.com/showthread.php/432003-Disable-Weak-Ciphers-on-ZCM-server

and using this:

ciphers="TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"

Seb


Just tried using your fix, however when I change the server.xml I get the following message:

Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

If I change back to default I get the 'SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)' message.

Any chance you can post a copy of your server.xml for me to look at?

Cheers,

Tom

tombott;2401244 wrote:
Just tried using your fix, however when I change the server.xml I get the following message:

Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

If I change back to default I get the 'SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)' message.

Any chance you can post a copy of your server.xml for me to look at?

Cheers,

Tom


Just search the .xml file for:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Remove just that cipher
save the file and then restart the ZCM processes

--Kevin

kjhurni;2401264 wrote:
Just search the .xml file for:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Remove just that cipher
save the file and then restart the ZCM processes

--Kevin


Cheers, worked it out with the help of your post. It made me see the typo...... a random space. I'll get my coat.
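
Added example, not part of the thread and not Novell or Micro Focus code: a small Python check for the two problems discussed above, a DHE suite left in the `ciphers` attribute of server.xml and a stray space inside a cipher name. The sample XML is constructed and `audit_ciphers` is a hypothetical helper name.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, not a real ZCM server.xml. The first connector still
# lists the DHE suite named in the thread and has a stray space in one name;
# the second uses the cipher list Seb posted.
SAMPLE_SERVER_XML = """\
<Server>
  <Service name="Catalina">
    <Connector port="443" SSLEnabled="true"
      ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_ EDE_CBC_SHA"/>
    <Connector port="8443" SSLEnabled="true"
      ciphers="TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"/>
  </Service>
</Server>
"""


def audit_ciphers(server_xml: str) -> dict:
    """Return {port: {"dhe": [...], "malformed": [...]}} per Connector with ciphers."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        raw = conn.get("ciphers")
        if raw is None:
            continue  # connector relies on the JVM default cipher list
        dhe, malformed = [], []
        for entry in raw.split(","):
            # A valid suite name is upper-case letters, digits and underscores
            # only; a space or an empty entry will not match any real suite.
            if not re.fullmatch(r"[A-Z0-9_]+", entry):
                malformed.append(entry)
            # Finite-field DHE suites (ECDHE names do not start with these).
            elif entry.startswith(("TLS_DHE_", "SSL_DHE_")):
                dhe.append(entry)
        report[conn.get("port")] = {"dhe": dhe, "malformed": malformed}
    return report


if __name__ == "__main__":
    for port, findings in audit_ciphers(SAMPLE_SERVER_XML).items():
        print(f"port {port}: DHE suites {findings['dhe']}, "
              f"malformed entries {findings['malformed']}")
```

An empty `dhe` list means the connector no longer offers the DHE key exchange that Firefox 39 rejects. The remaining `TLS_RSA_*` suites do not provide forward secrecy.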