针对高版本的chrome和firefox出现的如下问题的解决方案
服务器的瞬时 Diffie-Hellman 公共密钥过弱
ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY
Resolving ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY error in Chrome version 45 in ADAudit Plus • Troubleshooting • 03 Sep, 01:18 PM Hi, You will receive the error "ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY" when the server is trying to setup a secure connection due to a disastrous mis-configuration as the connection wouldn’t be secure. As of Chrome version 45, this error message is triggered if the SSL/TLS handshake attempts to use a public key smaller than 1024 bits. Please replace the cipher in the SSL connector to fix it. Please edit the Server.xml file from the "<Installation directory>\ManageEngine\ADAudit Plus\conf\" and add the given chipers ciphers= " TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA " Example : <Connector SSLEnabled="true" ciphers= " TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA " URIEncoding="UTF-8" acceptCount="100" clientAuth="false" connectionTimeout="20000" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/server.keystore" keystorePass="adventnet" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" name="SSL" port="8444" scheme="https" secure="true" sslProtocol="TLS" sslProtocols="TLSv1"/> </Service> Please follow the steps provided below to modify SSL Connector. * Stop ADAudit Plus (Click Start --> All Programs --> ADAudit Plus --> Stop ADAudit Plus). * Take a backup of the existing "server.xml" file located in <installation directory>\conf folder (C:\ManageEngine\ADAudit Plus\conf) * Edit the "server.xml" file to modify the SSL Connector which would be at the bottom of the page. * Start ADAudit Plus (Click on Start --> All Programs --> ADAudit Plus --> Start ADAudit Plus). Regards ADAudit Plus Team
thx for foreign big genius!