1 Reply Latest reply on Jul 23, 2015 1:05 AM by leo.chen

    ssl_error_weak_server_ephemeral_dh_key error while accessing https

    leo.chen

      I am running JBoss EAP 6.4. I have run into a problem related to the SSL cipher suite. My server's https connector is configured as below (standalone.xml):

      <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
          <ssl password="password" certificate-key-file="${jboss.server.config.dir}/test.keystore" cipher-suite=
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
      TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,
      TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,
      TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,
      TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,
      TLS_DHE_DSS_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_256_SHA256,
      TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA"/>
      </connector>
      
      
      

      Now, accessing the server with Firefox version 39 gives the error "On the server key exchange handshake messages SSL received in a weak temporary Diffie-Hellman key (Error Code: ssl_error_weak_server_ephemeral_dh_key)".

       

      I have followed this link and changed the cipher suite list, but it still makes no difference: https://weakdh.org/sysadmin.html

       

      Does anyone have advice on what the problem is and how to resolve it?
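
An added example, not part of the original post: a short Python check that reads a connector definition like the one above and separates the suites that use ephemeral finite-field Diffie-Hellman (TLS_DHE_* and anonymous DH), whose handshake carries the server DH key the Firefox error refers to, from ECDHE and other suites. The sample connector is constructed and shortened, and the function names are illustrative.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, shortened connector in the same shape as the standalone.xml excerpt.
SAMPLE_CONNECTOR = """
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl password="password" certificate-key-file="test.keystore" cipher-suite=
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_SHA"/>
</connector>
"""


def configured_suites(connector_xml):
    """Return the suites listed in <ssl cipher-suite="...">, in order."""
    root = ET.fromstring(connector_xml)
    for elem in root.iter():
        # Strip any namespace so the check also works on a full standalone.xml.
        if elem.tag.rsplit("}", 1)[-1] == "ssl" and elem.get("cipher-suite"):
            # Line breaks inside the attribute arrive as spaces; split on both.
            return [s for s in re.split(r"[\s,]+", elem.get("cipher-suite")) if s]
    return []


def key_exchange(suite):
    """Classify a suite name by its key exchange: 'DHE', 'ECDHE' or 'OTHER'."""
    match = re.match(r"(?:TLS|SSL)_(.+?)_WITH_", suite)
    kx = match.group(1) if match else ""
    if kx.startswith("ECDHE_"):
        return "ECDHE"
    if kx.startswith("DHE_") or kx == "DH_anon":
        return "DHE"  # server sends ephemeral finite-field DH parameters
    return "OTHER"


def audit(connector_xml):
    """Group the configured suites by key-exchange class."""
    groups = {"DHE": [], "ECDHE": [], "OTHER": []}
    for suite in configured_suites(connector_xml):
        groups[key_exchange(suite)].append(suite)
    return groups


if __name__ == "__main__":
    for kind, suites in audit(SAMPLE_CONNECTOR).items():
        print(f"{kind}: {len(suites)}")
        for name in suites:
            print(f"  {name}")
```

Any name reported under DHE is a suite the server can still negotiate with ephemeral finite-field Diffie-Hellman.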