Fixing "Server has a weak ephemeral Diffie-Hellman public key"

          

      A fix for the following error, which appears in recent versions of Chrome and Firefox:

   Server has a weak ephemeral Diffie-Hellman public key

 

      ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY
 

 

Resolving ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY error in Chrome version 45
in ADAudit Plus  •  Troubleshooting  •  03 Sep, 01:18 PM
Hi,

You will receive the error "ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY" when the server is trying to set up a secure connection due to a disastrous misconfiguration, as the connection wouldn’t be secure. As of Chrome version 45, this error message is triggered if the SSL/TLS handshake attempts to use a public key smaller than 1024 bits. Please replace the cipher in the SSL connector to fix it.

Please edit the Server.xml file from the "<Installation directory>\ManageEngine\ADAudit Plus\conf\" and add the given ciphers.

ciphers= " TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA " 


Example : 

  <Connector SSLEnabled="true" ciphers= " TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA "  URIEncoding="UTF-8" acceptCount="100" clientAuth="false" connectionTimeout="20000" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/server.keystore" keystorePass="adventnet" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" name="SSL" port="8444" scheme="https" secure="true" sslProtocol="TLS" sslProtocols="TLSv1"/> 
</Service>


Please follow the steps provided below to modify SSL Connector.

* Stop ADAudit Plus (Click Start --> All Programs --> ADAudit Plus --> Stop ADAudit Plus).

* Take a backup of the existing "server.xml" file located in <installation directory>\conf folder (C:\ManageEngine\ADAudit Plus\conf) 

*  Edit the "server.xml" file to modify the SSL Connector which would be at the bottom of the page.

* Start ADAudit Plus (Click on Start --> All Programs --> ADAudit Plus --> Start ADAudit Plus).

Regards

ADAudit Plus Team

    thx for foreign big genius!

    https://forums.manageengine.com/topic/resolving-err-ssl-weak-server-ephemeral-dh-key-error-in-chrome-version-45-3-9-2015
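
A check for the edited connector, as an added example that is not part of the original post or the vendor's code: it parses a server.xml and reports, per TLS connector, whether the `ciphers` list still names a DHE suite (the key exchange this error is about) or is missing altogether. The sample XML is constructed, and the function names `key_exchange` and `audit_connectors` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the product's real file): four connectors covering
# the page's fix, a leftover DHE suite, an unset cipher list, and plain HTTP.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector name="SSL" port="8444" SSLEnabled="true" scheme="https"
    ciphers=" TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA " />
  <Connector name="legacy" port="8445" SSLEnabled="true" scheme="https"
    ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" />
  <Connector name="defaults" port="8446" SSLEnabled="true" scheme="https" />
  <Connector name="plain" port="8081" />
</Service></Server>"""


def key_exchange(suite):
    """Classify a cipher suite name as 'ECDHE', 'DHE' or 'other'."""
    kx = suite.strip().upper().split("_WITH_")[0]
    kx = kx.split("_", 1)[-1]  # drop the TLS_ / SSL_ prefix
    if kx.startswith("ECDHE_"):
        return "ECDHE"
    if kx.startswith("DHE_") or kx.startswith("DH_ANON"):
        return "DHE"  # finite-field ephemeral DH, the exchange this error concerns
    return "other"


def audit_connectors(xml_text):
    """Map each TLS connector's name (or port) to (status, [DHE suites])."""
    findings = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # not a TLS connector
        label = conn.get("name") or conn.get("port")
        ciphers = conn.get("ciphers")
        if ciphers is None:
            # No explicit list: the suites actually offered are not visible here.
            findings[label] = ("ciphers-unset", [])
            continue
        suites = [s.strip() for s in ciphers.split(",") if s.strip()]
        dhe = [s for s in suites if key_exchange(s) == "DHE"]
        findings[label] = ("dhe-offered" if dhe else "ok", dhe)
    return findings


if __name__ == "__main__":
    for name, (status, dhe) in audit_connectors(SAMPLE_SERVER_XML).items():
        print(f"{name}: {status} {', '.join(dhe)}")
```

To check a real file, pass its text to `audit_connectors`, for example `audit_connectors(open(path, encoding="utf-8").read())`.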


Reposted from itace.iteye.com/blog/2253291