18 Replies Latest reply on Jul 28, 2015 12:38 PM by winuxguy

    WebHelpDesk Reported to have a Weak Ephemeral Diffie-Hellman Public Key

    winuxguy

      Hi Guys,

       

      Just want to share a sort of workaround for the issue where recent browsers show a Secure Connection Failed error with an error code of ssl_error_weak_ephemeral_dh_key. Do the following steps:

      1. Back up the file <WebHelpDesk>/conf/tomcat_server_template.xml to somewhere else just in case this doesn't work

      2. Edit the same file <WebHelpDesk>/conf/tomcat_server_template.xml

      3. Look for the 2 lines saying `ciphers="yada_yada_yada_yada"` and replace both with the following:

      `ciphers="TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA"`

       

      4. Save the file and restart WHD

       

      Note: All the ciphers will function if you are running WHD versions 12.2 and 12.3 with the built-in Java Runtime Environment version 7. If you are running WHD version 12.1, be sure to apply the fix for the SSLv3 POODLE vulnerability enabling TLSv1.1 and TLSv1.2 with the JRE 7 setup.

       

      This should also increase your security rating in the Qualys SSL Labs scan. Hope this helps!
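
An added example, not part of the original post or of WebHelpDesk: a small audit of the `ciphers="..."` attributes after step 3, reporting any remaining finite-field DHE suites (the key exchange the browser error is about) and any RC4, 3DES or MD5 suites still offered. The first sample connector and the regex-based attribute matching are assumptions made for the example; the second list is the one from the post.

```python
import re

# The replacement list from the post above, split across lines for readability.
POST_LIST = (
    "TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,"
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,"
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,"
    "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,"
    "TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA"
)

# Constructed sample input: the first connector's list is made up for this
# example (assumption); the second carries the post's list.
SAMPLE = (
    '<Connector port="8443" ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,'
    'TLS_RSA_WITH_AES_128_CBC_SHA" />\n'
    f'<Connector port="443" ciphers="{POST_LIST}" />\n'
)

# Regex rather than an XML parser, on the assumption that a template file
# may not be well-formed XML.
CIPHERS_ATTR = re.compile(r'\bciphers="([^"]*)"')
DHE = re.compile(r"^(TLS|SSL)_DHE_")        # finite-field ephemeral DH, not ECDHE
LEGACY = re.compile(r"_RC4_|_3DES_|_MD5$")  # RC4, 3DES, MD5-based MAC


def audit(text):
    """Return one report per ciphers="..." attribute found in text."""
    reports = []
    for match in CIPHERS_ATTR.finditer(text):
        suites = [s.strip() for s in match.group(1).split(",") if s.strip()]
        reports.append({
            "suites": len(suites),
            "dhe": [s for s in suites if DHE.match(s)],
            "legacy": [s for s in suites if LEGACY.search(s)],
        })
    return reports


if __name__ == "__main__":
    for i, r in enumerate(audit(SAMPLE), 1):
        print(f"ciphers attribute #{i}: {r['suites']} suites")
        print("  DHE (weak-DH error applies):", r["dhe"] or "none")
        print("  RC4/3DES/MD5 still offered: ", r["legacy"] or "none")
```

Pass the contents of the edited template to `audit()` to check both `ciphers` attributes before restarting WHD.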