
WebHelpDesk Reported to have a Weak Ephemeral Diffie-Hellman Public Key

Hi Guys,

Just want to share a sort of workaround for the error that recent browsers show, Secure Connection Failed with an error code of ssl_error_weak_ephemeral_dh_key. Do the following steps:

1. Back up the file <WebHelpDesk>/conf/tomcat_server_template.xml to somewhere else, just in case this doesn't work

2. Edit the same file <WebHelpDesk>/conf/tomcat_server_template.xml

3. Look for the 2 lines saying `ciphers="yada_yada_yada_yada"` and replace both with the following:

```
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA"
```

4. Save the file and restart WHD

Note: All the ciphers will function if you are running WHD versions 12.2 and 12.3 with the built-in Java Runtime Environment version 7. If you are running WHD version 12.1, be sure to apply the fix for the SSLv3 POODLE vulnerability, enabling TLSv1.1 and TLSv1.2 with the JRE 7 setup.

This should also increase your security rating in a Qualys SSL Labs scan. Hope this helps!
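
A check that could be run over the edited template, added here as an example and not part of the original post or of WHD: it reads each Connector's `ciphers` attribute and flags any remaining DHE suite (the key exchange behind ssl_error_weak_ephemeral_dh_key), and goes one step beyond the post by also flagging RC4, 3DES and MD5 suites. The sample XML and the function names are constructed for illustration, and the code assumes the template parses as plain XML.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not the real WHD template: one connector still offers a
# DHE suite, the other uses a shortened form of the list from the post.
SAMPLE_TEMPLATE = """<Server>
  <Service name="Catalina">
    <Connector port="443" SSLEnabled="true"
      ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"/>
    <Connector port="8443" SSLEnabled="true"
      ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_3DES_EDE_CBC_SHA"/>
  </Service>
</Server>"""

LEGACY_TOKENS = {"RC4", "3DES", "MD5"}


def classify(suite):
    """Return the set of findings for one JSSE cipher suite name."""
    tokens = suite.split("_")
    findings = set()
    # Compare whole tokens: a substring test for "DHE" would also hit ECDHE.
    if "DHE" in tokens:
        findings.add("DHE")
    findings |= LEGACY_TOKENS.intersection(tokens)
    return findings


def audit_template(xml_text):
    """Map connector port -> {suite: findings} for every flagged suite."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        ciphers = conn.get("ciphers")
        if ciphers is None:
            continue  # connector without an explicit cipher list
        flagged = {}
        for suite in (s.strip() for s in ciphers.split(",")):
            findings = classify(suite) if suite else set()
            if findings:
                flagged[suite] = findings
        report[conn.get("port")] = flagged
    return report


if __name__ == "__main__":
    for port, flagged in audit_template(SAMPLE_TEMPLATE).items():
        for suite, why in sorted(flagged.items()):
            print(port, suite, ",".join(sorted(why)))
```

An empty result for a port means none of its listed suites matched a flagged token; it says nothing about the protocol versions the connector enables.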