Resolving ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY error in Chrome version 45
Hi,
You receive the error when the server is trying to setup a secure connection and due to a disastrous mis-configuration, the connection wouldn’t be secure. As of Chrome version 45, this error message is triggered if the SSL/TLS handshake attempts to use a public key smaller than 1024 bits. Please replace the cipher in the SSL connector to fix it.
Example:
<Connector SSLEnabled="true" ciphers="T LS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA " allowUnsafeLegacyRenegotiation="false" server="Adselfservice Plus" sslProtocols="TLSv1,TLSv1.1,TLSv1.2"server="Adselfservice Plus" acceptCount="100" clientAuth="false" connectionTimeout="20000" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/selfservice.keystore" keystorePass="Your_Keystore_Password" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" name="SSL" port="9251" scheme="https" secure="true" sslProtocol="TLS"/>
Note: The above fix works with the latest version of the application (build number 5303).
Please follow the steps provided below to modify SSL Connector.
* Stop ADSelfService Plus (Click Start --> All Programs --> ADSelfService Plus --> Stop ADSelfService Plus).
* Take a backup of existing "server.xml" file located at <installation directory>\conf (C:\ManageEngine\ADSelfService Plus\conf) and edit the "server.xml" file to modify the SSL Connector which will be at the bottom of the server.xml file.
* Start ADSelfService Plus (Click on Start --> All Programs --> ADSelfService Plus --> Start ADSelfService Plus).
Regards
ADSelfService Plus Team
Toll Free: +1-888-720-9500
Direct: +1-408-916-9890
Email: support@adselfserviceplus.com
Self Service Password Management Solution