Resolving ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY error in Chrome version 45

Resolving ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY error in Chrome version 45

Hi,

You receive the error when the server is trying to setup a secure connection and due to a disastrous mis-configuration, the connection wouldn’t be secure. As of Chrome version 45, this error message is triggered if the SSL/TLS handshake attempts to use a public key smaller than 1024 bits. Please replace the cipher in the SSL connector to fix it.

Please edit the Server.xml file located in the "<Installation directory>\ManageEngine\ADManager Plus\conf\"  and replace the given ciphers

ciphers= " TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA "
Example : 

<Connector SSLEnabled="true" ciphers= " TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA " URIEncoding="UTF-8" acceptCount="100" clientAuth="false" connectionTimeout="20000" debug="0" disableUploadTimeout="true" enableLookups="true" keystoreFile="./conf/server.keystore" keystorePass="adventnet" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" name="SSL" port="8443" scheme="https" secure="true" sslEnabledProtocols="TLSv1+TLSv1.1+TLSv1.2" sslProtocol="TLS" sslProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
</Service>


Here are the instructions to modify the SSL Connector.

* Stop ADManager Plus (Click Start --> All Programs --> ADManager Plus --> Stop ADManager Plus).

* Take a backup of the existing "server.xml" file located in <installation directory>\conf folder (C:\ManageEngine\ADManager Plus\conf) 

*  Edit the "server.xml" file to modify the SSL Connector which would be at the bottom of the page.

* Start ADManager Plus (Click on Start --> All Programs --> ADManager Plus --> Start ADManager Plus).

Regards

ADManager Plus Team

      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
              See all integrations
              New to ADManager Plus?
              See all integrations
              New to ADManager Plus?

                New to ADSelfService Plus?

                Start your free trial
                Start your free trial



                          Related Products