cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
12955
Views
40
Helpful
8
Replies

Unable to login Cisco UCCX Appadmin page

A.K.M. Sayeed
Level 1
Level 1

I am running a Cisco Unified Voice Infrastructure where I cannot login to UCCX server via https link following server IP Address. But I can ping the server, I can even login to it using CLI mode. But I am not able to login to it using Web Gui interface. Using Firefox as the browser it shows "Secure connection failed" - "An error occurred during a connection to 145.17.58.4:8443. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) ".

 

I have search google, read the administrator guide and searched on community support but unable to find specific remedy for the issue. How can I resolve it and login to the server?

The community Rocks! Thanks in advance.

1 Accepted Solution

Accepted Solutions

Kunal Narula
Level 1
Level 1

Hi Sayeed,

 

It seems to be hitting bug id CSCuu83416 i.e when using Firefox to access a webpage affected by this vulnerability, the following message may be displayed:

Error: An error occurred during a connection to <server fqdn>:<port>. SSL received a weak ephermeral Diffie-Hellman key in Server Key Exchange handshake message. (error code: ssl_error_weak_ephermeral_dh_key)

You may try below workaround to fix this problem.

1)    In FireFox, enter "about:config" in the URL field and press enter.
2)     Accept the "This might void your warranty!" warning
3)     In the search field at the top, enter "security.ssl3.dhe_rsa_aes"
4)    Double click each result (128 and 256) to toggle the Value to "false"

This should fix the problem.

Thanks!

Kunal

(Please rate all helpful posts)

View solution in original post

8 Replies 8

aaavvvmmm
Level 1
Level 1

looks like your TOMCAT service is down.

Check using the CLI that all services are up and running.

use the command utils service list.

I have checked the service and it shows :

" Cisco Tomcat[STARTED] "

I have attached the screen shot that I can browse from my browser. But after clicking the link it shows the error message mentioned above. Thanks for the help.

 

 

Kunal Narula
Level 1
Level 1

Hi Sayeed,

 

It seems to be hitting bug id CSCuu83416 i.e when using Firefox to access a webpage affected by this vulnerability, the following message may be displayed:

Error: An error occurred during a connection to <server fqdn>:<port>. SSL received a weak ephermeral Diffie-Hellman key in Server Key Exchange handshake message. (error code: ssl_error_weak_ephermeral_dh_key)

You may try below workaround to fix this problem.

1)    In FireFox, enter "about:config" in the URL field and press enter.
2)     Accept the "This might void your warranty!" warning
3)     In the search field at the top, enter "security.ssl3.dhe_rsa_aes"
4)    Double click each result (128 and 256) to toggle the Value to "false"

This should fix the problem.

Thanks!

Kunal

(Please rate all helpful posts)

That does not really "fix the problem."

Is there a fix for the root cause (weak ciphers enabled on the Cisco web server) such as a configuration change or patch rather than the workaround of turning off the browser security?

Disabling the browser security is a global setting that will not apply only the Cisco admin page and will put the users of the browser at needless additional risk.

Thank you so much. Straight to the point. Not like so many other forums I have read that some engineers just replying to get more Cisco points not knowing to the point what are they talking about. 

This worked for me.

K L
Level 4
Level 4

For Chrome (ver 45+) you can edit the shortcut link to add the following at the end (after the chrome.exe):

--cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

 

  1. Go to browser short cut (Start Menu, Desktop, Taskbar, etc...)

  2. Right click and go to Properties

  3. Go to Shortcut tab

  4. Go to Target textbox, in this you will find your chrome full path, add above string at the end of path. For my Windows installation it will look like:

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

  5. Apply, and click OK to close the properties window.

  6. If you have Chrome open, fully close it and re-launch via shortcut.

  7. You should now be able to access Finesse login site.

 

----------------------------------------
Cisco UC Architect

Bigoncisco
Level 1
Level 1

Here is a link to an excellent article about the Server has a weak ephemeral Diffie-Hellman public key ... ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY error.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: