hoogman01

UCSD - Chrome Update - Server has a weak ephemeral Diffie-Hellman public key

Discussion created by hoogman01 on Sep 8, 2015
Latest reply on Sep 17, 2015 by amerzec2015

We were recently blessed with the latest chrome update which rendered the UCSD inaccessible to our chrome users due to the following error - Server has a weak ephemeral Diffie-Hellman public key. We were able to resolve the issue by updating the ciphers that are currently utilized by tomcat.

 

  1. Login to UCSD as root via putty
  2. cd to /opt/infra/web_cloudmgr/apache-tomcat/conf/
  3. VI the servers.xml
  4. Browse to the line containing ciphers=
  5. Replace the String with
    1. ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
  6. Save/Exit
  7. su - shelladmin
  8. Stop Services
  9. Start Services

Outcomes