Weak ephemeral error seen when logging into Spectrum OneClick using FireFox39.0 or Chrome v.45

Document ID : KB000056922
Last Modified Date : 14/02/2018
Show Technical Document Details


When using FireFox 39.0 (or greater) or Chrome v.45 (or greater) to log into OneClick where SSL has been enabled, the following error is seen:

An error occurred during a connection to <spectrum server ip>:8443. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) 



FireFox 39.0 (or greater) and Chrome v.45 (or greater) includes tighter security, which error out when it attempts to use the weaker Diffie-Hellman ciphers affected by Logjam vulnerability.



The following will resolve the issue:

  1. Log into the OneClick system as the user that owns the OneClick installation
  2. Make a backup copy of the existing $SPECROOT/tomcat/conf/server.xml file
  3. Edit the existing $SPECROOT/tomcat/conf/server.xml file
  4. Find the "ciphers" parameter and remove the following entries:





   5. Save the changes.
   6. Restart Spectrum tomcat.