服务器的瞬时 Diffie-Hellman 公共密钥过弱的解决方案

          

      针对高版本的chrome和firefox出现的如下问题的解决方案

   服务器的瞬时 Diffie-Hellman 公共密钥过弱

 

      ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

 

 

Resolving ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY error in Chrome version 45
in ADAudit Plus  •  Troubleshooting  •  03 Sep, 01:18 PM
Hi,

You will receive the error "ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY" when the server is trying to setup a secure connection due to a disastrous mis-configuration as the connection wouldn’t be secure. As of Chrome version 45, this error message is triggered if the SSL/TLS handshake attempts to use a public key smaller than 1024 bits. Please replace the cipher in the SSL connector to fix it.

Please edit the Server.xml file from the "<Installation directory>\ManageEngine\ADAudit Plus\conf\"  and add the given chipers

ciphers= " TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA " 


Example : 

  <Connector SSLEnabled="true" ciphers= " TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA "  URIEncoding="UTF-8" acceptCount="100" clientAuth="false" connectionTimeout="20000" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/server.keystore" keystorePass="adventnet" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" name="SSL" port="8444" scheme="https" secure="true" sslProtocol="TLS" sslProtocols="TLSv1"/> 
</Service>


Please follow the steps provided below to modify SSL Connector.

* Stop ADAudit Plus (Click Start --> All Programs --> ADAudit Plus --> Stop ADAudit Plus).

* Take a backup of the existing "server.xml" file located in <installation directory>\conf folder (C:\ManageEngine\ADAudit Plus\conf) 

*  Edit the "server.xml" file to modify the SSL Connector which would be at the bottom of the page.

* Start ADAudit Plus (Click on Start --> All Programs --> ADAudit Plus --> Start ADAudit Plus).

Regards

ADAudit Plus Team

    thx for foreign big genius！

 

    https://forums.manageengine.com/topic/resolving-err-ssl-weak-server-ephemeral-dh-key-error-in-chrome-version-45-3-9-2015