Resolving ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY error in Chrome version 45

Resolving ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY error in Chrome version 45

Hi,

You will receive the error "ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY" when the server is trying to setup a secure connection due to a disastrous mis-configuration as the connection wouldn’t be secure. As of Chrome version 45, this error message is triggered if the SSL/TLS handshake attempts to use a public key smaller than 1024 bits. Please replace the cipher in the SSL connector to fix it.

Please edit the Server.xml file from the "<Installation directory>\ManageEngine\ADAudit Plus\conf\"  and add the given chipers

ciphers= " TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA "


Example : 

  <Connector SSLEnabled="true" ciphers= " TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA "  URIEncoding="UTF-8" acceptCount="100" clientAuth="false" connectionTimeout="20000" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/server.keystore" keystorePass="adventnet" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" name="SSL" port="8444" scheme="https" secure="true" sslProtocol="TLS" sslProtocols="TLSv1"/>
</Service>


Please follow the steps provided below to modify SSL Connector.

* Stop ADAudit Plus (Click Start --> All Programs --> ADAudit Plus --> Stop ADAudit Plus).

* Take a backup of the existing "server.xml" file located in <installation directory>\conf folder (C:\ManageEngine\ADAudit Plus\conf) 

*  Edit the "server.xml" file to modify the SSL Connector which would be at the bottom of the page.

* Start ADAudit Plus (Click on Start --> All Programs --> ADAudit Plus --> Start ADAudit Plus).

Regards

ADAudit Plus Team

                New to ADSelfService Plus?