Unable to login Cisco UCCX Appadmin page

A.K.M. Sayeed
Level 1

I am running a Cisco Unified Voice Infrastructure where I cannot log in to the UCCX server via the https link using the server IP address. I can ping the server, and I can even log in to it using CLI mode, but I am not able to log in to it using the web GUI interface. Using Firefox as the browser, it shows "Secure connection failed" - "An error occurred during a connection to 145.17.58.4:8443. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)".

I have searched Google, read the administrator guide and searched on community support, but was unable to find a specific remedy for the issue. How can I resolve it and log in to the server?

The community Rocks! Thanks in advance.

Accepted Solutions

Kunal Narula
Level 1

Hi Sayeed,

 

It seems to be hitting bug ID CSCuu83416, i.e., when using Firefox to access a webpage affected by this vulnerability, the following message may be displayed:

Error: An error occurred during a connection to <server fqdn>:<port>. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (error code: ssl_error_weak_ephermeral_dh_key)

You may try the workaround below to fix this problem.

1) In Firefox, enter "about:config" in the URL field and press Enter.
2) Accept the "This might void your warranty!" warning.
3) In the search field at the top, enter "security.ssl3.dhe_rsa_aes".
4) Double-click each result (128 and 256) to toggle the Value to "false".

This should fix the problem.

Thanks!

Kunal

(Please rate all helpful posts)


8 Replies

aaavvvmmm
Level 1

Looks like your TOMCAT service is down.

Check using the CLI that all services are up and running.

Use the command utils service list.

I have checked the service and it shows:

"Cisco Tomcat[STARTED]"

I have attached the screenshot of what I can browse from my browser. But after clicking the link it shows the error message mentioned above. Thanks for the help.


That does not really "fix the problem."

Is there a fix for the root cause (weak ciphers enabled on the Cisco web server) such as a configuration change or patch rather than the workaround of turning off the browser security?

Disabling the browser security is a global setting that will not apply only to the Cisco admin page and will put the users of the browser at needless additional risk.
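An added example, not part of the original thread and not Cisco code: Firefox raises this error when the Diffie-Hellman prime in the server's ServerKeyExchange message is too short, so the check below parses that message and reports the prime's size, which is what a server-side fix has to change. It assumes the handshake message bytes were already extracted from a capture of a DHE handshake; the function names, the `min_bits` policy value and both sample messages are constructed for illustration.

```python
import struct

SERVER_KEY_EXCHANGE = 12  # TLS HandshakeType value for server_key_exchange

def _vec16(buf, off):
    """Read one TLS opaque<1..2^16-1> field: 2-byte big-endian length, then data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    end = off + 2 + n
    if n == 0 or end > len(buf):
        raise ValueError("vector length is empty or runs past the message")
    return int.from_bytes(buf[off + 2:end], "big"), end

def dh_params(handshake):
    """Return (dh_p, dh_g, dh_Ys) from a DHE ServerKeyExchange handshake message."""
    if len(handshake) < 4 or handshake[0] != SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange handshake message")
    declared = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + declared]
    if len(body) != declared:
        raise ValueError("truncated handshake body")
    p, off = _vec16(body, 0)
    g, off = _vec16(body, off)
    ys, off = _vec16(body, off)  # the signature that follows is not needed here
    return p, g, ys

def assess(handshake, min_bits=1024):
    """Flag the group as weak when the prime is shorter than min_bits.
    min_bits is an assumed policy value, not a figure taken from the thread."""
    p, _g, _ys = dh_params(handshake)
    bits = p.bit_length()  # significant bits only, so zero padding cannot inflate it
    return {"p_bits": bits, "weak": bits < min_bits}

def _build(p, pad=0):
    """Build a constructed sample message; p is a sized placeholder, not a real prime."""
    def vec(n, pad=0):
        raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
        return struct.pack("!H", len(raw)) + raw
    body = vec(p, pad) + vec(2) + vec(p - 2) + b"\x00" * 8  # 8 bytes stand in for the signature
    return bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body

WEAK_SAMPLE = _build((1 << 511) | 1, pad=1)   # constructed: 512-bit value, zero-padded
STRONG_SAMPLE = _build((1 << 2047) | 1)       # constructed: 2048-bit value

if __name__ == "__main__":
    for name, msg in (("weak sample", WEAK_SAMPLE), ("strong sample", STRONG_SAMPLE)):
        print(name, assess(msg))
```

Run against the server before and after a configuration change or patch, the reported `p_bits` shows whether the root cause was addressed rather than hidden by a browser setting.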

Thank you so much. Straight to the point. Not like so many other forums I have read, where some engineers are just replying to get more Cisco points, not knowing what they are talking about.

This worked for me.

K L
Level 4

For Chrome (ver 45+) you can edit the shortcut link to add the following at the end (after the chrome.exe):

--cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

 

  1. Go to the browser shortcut (Start Menu, Desktop, Taskbar, etc.)

  2. Right-click and go to Properties

  3. Go to the Shortcut tab

  4. Go to the Target textbox. In it you will find your Chrome full path; add the above string at the end of the path. For my Windows installation it will look like:

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

  5. Apply, and click OK to close the properties window.

  6. If you have Chrome open, fully close it and re-launch via the shortcut.

  7. You should now be able to access the Finesse login site.

 

----------------------------------------
Cisco UC Architect

Bigoncisco
Level 1

Here is a link to an excellent article about the Server has a weak ephemeral Diffie-Hellman public key ... ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY error.