menu
  • Register

Server has a weak ephemeral diffie-hellman public key err_ssl_weak_server_ephemeral_dh_key

0 votes
80 views

Problem :

I guess Chrome have released an update over the past week. And this update has caused at least 100 of our internal applications to throw the exception shown below. The solutions I have found over the Internet, talk about updating the application server with a stronger cipher. But, our applications are spread out over various different servers like  IIS, tomcat, jboss, weblogic and websphere. So it is not practical solution for me to expect all of these application servers to be updated. Is there any way to get Chrome to allow an "exception" for these sites ? As these sites are all our internal sites, so the security is not really a concern for us.

Firefox also throws the same exception but there is a documented fix for that by simply changing some settings in Firefox. Is there anyone who is aware of a similar fix in Chrome?

Error

Server has a weak ephemeral Diffie-Hellman public key
 
ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY
7.5k points

Please log in or register to answer this question.

1 Answer

0 votes

Solution :

I had also faced the same issue recently. After doing research I found the solution on it.

I have solved this problem without upgrading jrockit but by simply configuring the ssl section like follows :

<ssl>

    <enabled>true</enabled>

    <hostname-verifier xsi:nil="true"></hostname-verifier>

    <hostname-verification-ignored>false</hostname-verification-ignored>

    <export-key-lifespan>500</export-key-lifespan>

    <client-certificate-enforced>false</client-certificate-enforced>

    <two-way-ssl-enabled>false</two-way-ssl-enabled>

    <ssl-rejection-logging-enabled>true</ssl-rejection-logging-enabled>

    <inbound-certificate-validation>BuiltinSSLValidationOnly</inbound-certificate-validation>

    <outbound-certificate-validation>BuiltinSSLValidationOnly</outbound-certificate-validation>

    <allow-unencrypted-null-cipher>false</allow-unencrypted-null-cipher>

    <use-server-certs>false</use-server-certs>

    <jsse-enabled>true</jsse-enabled>

</ssl>

It solved many different problems on SSL with chrome. I hope it will help you too in resolving your issue.

38.6k points

Related questions

0 votes
1 answer 7 views
7 views
Server has a weak ephemeral diffie hellman public key
Problem: Does anyone grasp the problem : Server has a weak ephemeral diffie hellman public key?
asked Jun 26 nila 121k points
0 votes
1 answer 10 views
10 views
Server has a weak ephemeral diffie-hellman public key
Problem: I'm on the lookout for a solution: Server has a weak ephemeral diffie-hellman public key
asked Jun 26 nila 121k points
0 votes
1 answer 7 views
7 views
Server has a weak, ephemeral diffie-hellman public key
Problem: Can anyone simplify this : Server has a weak, ephemeral diffie-hellman public key?
asked Jun 25 Chi Omega 168k points
0 votes
1 answer 4 views
4 views
Server has a weak ephemeral diffie-hellman public key chrome
Problem: I'm hoping for some assistance : Server has a weak ephemeral diffie-hellman public key chrome
asked Jun 23 nila 121k points
0 votes
1 answer 5 views
5 views
Server has a weak ephemeral diffie-hellman public key chrome disable
Problem : Is there a method to resolve this issue: Server has a weak ephemeral diffie-hellman public key chrome disable?
asked Jun 18 Siam55 110k points
0 votes
1 answer 6 views
6 views
Server has a weak ephemeral diffie-hellman public.
Problem : Server has a weak ephemeral diffie-hellman public.
asked Jun 30 Isac Christiaan 103k points
0 votes
1 answer 6 views
6 views
Weak ephemeral diffie-hellman public key
Problem: While I'm trying to visit a specific website I'm getting ERR_INVALID_ARGUMENT error. Here is the problem: "Server has a weak ephemeral Diffie-Hellman public key".
asked Mar 15 ummesalma 29.1k points
0 votes
1 answer 20 views
20 views
Your connection is not private weak signature algorithm .
Problem: Support is needed > our connection is not private weak signature algorithm .
asked May 11 Isac Christiaan 103k points
0 votes
1 answer 9 views
9 views
Err_ssl_weak_server_ephemeral_dh_key
Problem: Do you have any suggestions about how I can resolve this &ldquo;Err_ssl_weak_server_ephemeral_dh_key&rdquo;?
asked Apr 5 tuhin1 48.9k points
0 votes
1 answer 12 views
12 views
Certificate and private key do not match
Problem: Certificate and private key do not match
asked Jul 18 Chi Omega 168k points
Dark theme