cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8971
Views
35
Helpful
7
Replies
Beginner

Unable to login Cisco UCCX Appadmin page

I am running a Cisco Unified Voice Infrastructure where I cannot login to UCCX server via https link following server IP Address. But I can ping the server, I can even login to it using CLI mode. But I am not able to login to it using Web Gui interface. Using Firefox as the browser it shows "Secure connection failed" - "An error occurred during a connection to 145.17.58.4:8443. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) ".

 

I have search google, read the administrator guide and searched on community support but unable to find specific remedy for the issue. How can I resolve it and login to the server?

The community Rocks! Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Hi Sayeed, It seems to be

Hi Sayeed,

 

It seems to be hitting bug id CSCuu83416 i.e when using Firefox to access a webpage affected by this vulnerability, the following message may be displayed:

Error: An error occurred during a connection to <server fqdn>:<port>. SSL received a weak ephermeral Diffie-Hellman key in Server Key Exchange handshake message. (error code: ssl_error_weak_ephermeral_dh_key)

You may try below workaround to fix this problem.

1)    In FireFox, enter "about:config" in the URL field and press enter.
2)     Accept the "This might void your warranty!" warning
3)     In the search field at the top, enter "security.ssl3.dhe_rsa_aes"
4)    Double click each result (128 and 256) to toggle the Value to "false"

This should fix the problem.

Thanks!

Kunal

(Please rate all helpful posts)

View solution in original post

7 REPLIES 7
Highlighted
Beginner

looks like your TOMCAT

looks like your TOMCAT service is down.

Check using the CLI that all services are up and running.

use the command utils service list.

Highlighted
Beginner

I have checked the service

I have checked the service and it shows :

" Cisco Tomcat[STARTED] "

I have attached the screen shot that I can browse from my browser. But after clicking the link it shows the error message mentioned above. Thanks for the help.

 

 

Highlighted
Beginner

Hi Sayeed, It seems to be

Hi Sayeed,

 

It seems to be hitting bug id CSCuu83416 i.e when using Firefox to access a webpage affected by this vulnerability, the following message may be displayed:

Error: An error occurred during a connection to <server fqdn>:<port>. SSL received a weak ephermeral Diffie-Hellman key in Server Key Exchange handshake message. (error code: ssl_error_weak_ephermeral_dh_key)

You may try below workaround to fix this problem.

1)    In FireFox, enter "about:config" in the URL field and press enter.
2)     Accept the "This might void your warranty!" warning
3)     In the search field at the top, enter "security.ssl3.dhe_rsa_aes"
4)    Double click each result (128 and 256) to toggle the Value to "false"

This should fix the problem.

Thanks!

Kunal

(Please rate all helpful posts)

View solution in original post

Highlighted
Beginner

That does not really "fix the

That does not really "fix the problem."

Is there a fix for the root cause (weak ciphers enabled on the Cisco web server) such as a configuration change or patch rather than the workaround of turning off the browser security?

Disabling the browser security is a global setting that will not apply only the Cisco admin page and will put the users of the browser at needless additional risk.

Highlighted
Beginner

Re: Hi Sayeed, It seems to be

Thank you so much. Straight to the point. Not like so many other forums I have read that some engineers just replying to get more Cisco points not knowing to the point what are they talking about. 

Highlighted
Enthusiast

For Chrome (ver 45+) you can

For Chrome (ver 45+) you can edit the shortcut link to add the following at the end (after the chrome.exe):

--cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

 

  1. Go to browser short cut (Start Menu, Desktop, Taskbar, etc...)

  2. Right click and go to Properties

  3. Go to Shortcut tab

  4. Go to Target textbox, in this you will find your chrome full path, add above string at the end of path. For my Windows installation it will look like:

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

  5. Apply, and click OK to close the properties window.

  6. If you have Chrome open, fully close it and re-launch via shortcut.

  7. You should now be able to access Finesse login site.

 

Highlighted
Beginner

Here is a link to an

Here is a link to an excellent article about the Server has a weak ephemeral Diffie-Hellman public key ... ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY error.

CreatePlease to create content