When using FireFox 39.0 (or greater) or Chrome v.45 (or greater) to log into OneClick where SSL has been enabled, the following error is seen:
An error occurred during a connection to <spectrum server ip>:8443. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
FireFox 39.0 (or greater) and Chrome v.45 (or greater) includes tighter security, which error out when it attempts to use the weaker Diffie-Hellman ciphers affected by Logjam vulnerability.
The following will resolve the issue:
- Log into the OneClick system as the user that owns the OneClick installation
- Make a backup copy of the existing $SPECROOT/tomcat/conf/server.xml file
- Edit the existing $SPECROOT/tomcat/conf/server.xml file
- Find the "ciphers" parameter and remove the following entries:
5. Save the changes.
6. Restart Spectrum tomcat.