Weak ephemeral error seen when logging into Spectrum OneClick using FireFox39.0 or Chrome v.45

Document ID : KB000056922
Last Modified Date : 10/12/2018
Show Technical Document Details

When using FireFox 39.0 (or greater) or Chrome v.45 (or greater) to log into OneClick where SSL has been enabled, the following error is seen:

An error occurred during a connection to <spectrum server ip>:8443. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) 


FireFox 39.0 (or greater) and Chrome v.45 (or greater) includes tighter security, which error out when it attempts to use the weaker Diffie-Hellman ciphers affected by Logjam vulnerability.


The following will resolve the issue:

  1. Log into the OneClick system as the user that owns the OneClick installation
  2. Make a backup copy of the existing $SPECROOT/tomcat/conf/server.xml file
  3. Edit the existing $SPECROOT/tomcat/conf/server.xml file
  4. Find the "ciphers" parameter and remove the following entries (if present):





   5. Save the changes.
   6. Restart Spectrum tomcat.