Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6732
Views
20
Helpful
10
Replies

Using Chrome with PI 2.0 and 2.1 reports an error ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

HANS VASTERS
Level 1
Level 1

‎09-03-2015 11:24 AM

Since today, after an automatic upgrade of the Chrome Browser, we cannot access out Prime Infrastructure Systems running on Version 2.0 and 2.1 anymore. The Chrome reports an error ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY. Version 2.2 has no problem. Has anyone a solution for this (beside an upgrade to 2.2 :-))?

2 people had this problem
Labels:
0 Helpful
10 Replies 10

Leo Laohoo
Hall of Fame
Hall of Fame

‎09-03-2015 03:17 PM

This is a known issue with Chrome 45.   I think this has something to do with CSCuj42438. 

 

IE will still work. 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-03-2015 03:19 PM

We had this issue recently with Firefox and ISE. The root cause is the same.

In Firefox, this article tells how to change the browser to accept the older key strength.

I do see a similar article covering Chrome (among others) that talks about a simialr work around. It may be worth a try.

Leo Laohoo
Hall of Fame
Hall of Fame

‎09-03-2015 05:21 PM

Refer to CSCuv21820.

 

My recommendation is to create a TAC Case.  

0 Helpful

lauterbachluke
Level 1
Level 1
In response to Leo Laohoo

‎09-04-2015 05:42 AM

Based on CSCuj42438, it looks like a lot of people are opening TAC cases.

Unfortunately, the response is to use Firefox, or to "Upgrade to PI 2.2 (or to 2.2 then to 3.0)."  I'm looking for clarification on the second option because the problem persists on 2.2.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to lauterbachluke

‎09-04-2015 06:19 AM

Prime 2.2 - at a least a fully patched one - doesn't exhibit the problem.

Here's a screen shot from one:

alex.vue
Level 1
Level 1
In response to lauterbachluke

‎09-14-2015 10:59 AM

Thank you all for discovering the work around.

 

lauterbachluke  - Did you upgrade to PI 3.0? If so is the problem still exist? Is Cisco going to fix the issue with a patch? I'm using PI 2.1.2.

 

Thanks all.

0 Helpful

Bigoncisco
Level 1
Level 1

‎09-10-2015 08:27 PM

Here is a link to an excellent article about the Server has a weak ephemeral Diffie-Hellman public key ... ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY error.

0 Helpful

HANS VASTERS
Level 1
Level 1

‎09-10-2015 11:29 PM

An easy way to overcome this problem is to go back to Chrome Version 44 to get it work again with PI 2.0 and PI 2.1.

To do that go to the directory

C:\Program Files (x86)\Google\Chrome\Application

  • rename chrome.exe
  • rename old_chrome.exe to chrome.exe

Then the version 44 of Chrome is used. It is also not updated.

0 Helpful

HANS VASTERS
Level 1
Level 1
In response to HANS VASTERS

‎09-17-2015 01:47 AM

Easier solution :-)

Create a shortcut with the command

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

Reinhard Wimmer
Level 1
Level 1
In response to HANS VASTERS

‎12-16-2015 06:25 AM

Hello Hans Vasters!

Thanks for this workaround, but can you explain what this "cipher-suite-blacklist" command puts on the blacklist? Sorry if i ask a stupid question ;)

Greetings Reinhard

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card