menu
  • Register

Server has a weak ephemeral diffie-hellman public key err_ssl_weak_server_ephemeral_dh_key

0 votes
66 views

Problem :

I guess Chrome have released an update over the past week. And this update has caused at least 100 of our internal applications to throw the exception shown below. The solutions I have found over the Internet, talk about updating the application server with a stronger cipher. But, our applications are spread out over various different servers like  IIS, tomcat, jboss, weblogic and websphere. So it is not practical solution for me to expect all of these application servers to be updated. Is there any way to get Chrome to allow an "exception" for these sites ? As these sites are all our internal sites, so the security is not really a concern for us.

Firefox also throws the same exception but there is a documented fix for that by simply changing some settings in Firefox. Is there anyone who is aware of a similar fix in Chrome?

Error

Server has a weak ephemeral Diffie-Hellman public key
 
ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY
6 5 3
7,540 points

Please log in or register to answer this question.

1 Answer

0 votes

Solution :

I had also faced the same issue recently. After doing research I found the solution on it.

I have solved this problem without upgrading jrockit but by simply configuring the ssl section like follows :

<ssl>

    <enabled>true</enabled>

    <hostname-verifier xsi:nil="true"></hostname-verifier>

    <hostname-verification-ignored>false</hostname-verification-ignored>

    <export-key-lifespan>500</export-key-lifespan>

    <client-certificate-enforced>false</client-certificate-enforced>

    <two-way-ssl-enabled>false</two-way-ssl-enabled>

    <ssl-rejection-logging-enabled>true</ssl-rejection-logging-enabled>

    <inbound-certificate-validation>BuiltinSSLValidationOnly</inbound-certificate-validation>

    <outbound-certificate-validation>BuiltinSSLValidationOnly</outbound-certificate-validation>

    <allow-unencrypted-null-cipher>false</allow-unencrypted-null-cipher>

    <use-server-certs>false</use-server-certs>

    <jsse-enabled>true</jsse-enabled>

</ssl>

It solved many different problems on SSL with chrome. I hope it will help you too in resolving your issue.

9 7 4
38,600 points

Related questions

0 votes
1 answer 4 views
4 views
Weak ephemeral diffie-hellman public key
Problem: While I'm trying to visit a specific website I'm getting ERR_INVALID_ARGUMENT error. Here is the problem: "Server has a weak ephemeral Diffie-Hellman public key".
asked Mar 15 ummesalma 25.2k points
0 votes
1 answer 1 view
1 view
Err_ssl_weak_server_ephemeral_dh_key
Problem: Do you have any suggestions about how I can resolve this &ldquo;Err_ssl_weak_server_ephemeral_dh_key&rdquo;?
asked Apr 5 tuhin1 48.9k points
0 votes
1 answer 2 views
2 views
Verizon akamai sureserver ca g14-sha2
Problem: I was looking at few sites and their SSL certificate and I noticed that few SSL certificates shows Issuer[Issued by] as mydomain[myorganisation] Is this some type of certificate, Can someone explain this !
asked 3 days ago ummesalma 25.2k points
0 votes
1 answer 2 views
2 views
Parts of this page are not secure such as images
Problem: I use the browser Firefox, and sometimes, on certain web pages, the SSL icon says "Some parts of this page are not secure, such as images." What, exactly, counts as an insecure element? Thanks!
asked Apr 2 ummesalma 25.2k points
0 votes
1 answer 1 view
1 view
Received fatal alert: handshake_failure
Problem: In my Action, I am trying to send some data to the bank server but without any luck, because I have as a result from the server the following error: error: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
asked Mar 30 ummesalma 25.2k points
0 votes
1 answer 3 views
3 views
Trust anchor for certification path not found
Problem: I am trying to connect to an IIS6 box running a GoDaddy 256bit SSL cert, and I am getting the error : java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
asked Mar 17 ummesalma 25.2k points
0 votes
1 answer 20 views
20 views
java.security.cert.certpathvalidatorexception: trust anchor for certification path not found.
Problem: java.security.cert.certpathvalidatorexception: trust anchor for certification path not found.
asked Feb 19 Lucky Guy 1.5k points
0 votes
1 answer 58 views
58 views
Java.security.cert.certificateexception: no subject alternative names present
Problem : I have the Java web service client, which consumes the web service via HTTPS. When I try to connect to the service URL (https://AAA.BBB.CCC.DDD:9443/ISomeService ), I get the exception as below: &ldquo; Java.security.cert.CertificateException: No subject alternative names present.&rdquo;
asked Jan 21, 2020 jwilliam 3.9k points
0 votes
1 answer 165 views
165 views
java.security.cert.certificateexception: no subject alternative names present
Problem : I have a Java web service client, which consumes a web service via HTTPS. When I connect to the service URL, I get the exception java.security.cert.CertificateException: No subject alternative names present.
asked Oct 22, 2019 peterlaw 6.9k points
Dark theme