07-08-2015 08:18 AM - edited 07-05-2021 03:31 AM
Hi, it seems that PI 2.1 is using unsafe SSL encryption with DHE, which is blocked by the new version of Firefox 39.
The error is
An error occurred during a connection to prime.xxx.com. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
Apart from changing Firefox settings, what are the other solutions to that issue? Changing the certificate doesn't help.
Thank you,
Robert
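The Firefox error quoted above refers to the Diffie-Hellman prime the server sends in its TLS ServerKeyExchange message. The following added example (not part of the original thread, and not Cisco or Mozilla code) parses such a message and reports the size of that prime. The 1024-bit floor, the function names and the sample messages are assumptions constructed for illustration.

```python
import struct

SERVER_KEY_EXCHANGE = 12   # TLS handshake message type (RFC 5246)
MIN_DH_BITS = 1024         # assumed policy floor; set to your own requirement


def _read_vec16(buf, off):
    """Read a TLS opaque<1..2^16-1> vector: 2-byte length, then data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("bad vector length")
    return buf[off:off + n], off + n


def dh_params_from_ske(msg):
    """Return (p, g, Ys) as ints from a DHE ServerKeyExchange handshake message."""
    if len(msg) < 4 or msg[0] != SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    p, off = _read_vec16(body, 0)
    g, off = _read_vec16(body, off)
    ys, off = _read_vec16(body, off)
    # The signature over the parameters follows; it is not needed to size the key.
    return tuple(int.from_bytes(x, "big") for x in (p, g, ys))


def assess(msg, min_bits=MIN_DH_BITS):
    """Report the DH prime size and whether it falls below the floor."""
    p, _g, _ys = dh_params_from_ske(msg)
    bits = p.bit_length()
    return {"dh_bits": bits, "weak": bits < min_bits}


def build_sample_ske(p_bits):
    """Constructed sample: p is only sized correctly (not a real prime), dummy signature."""
    p = ((1 << (p_bits - 1)) | 1).to_bytes((p_bits + 7) // 8, "big")
    body = b""
    for field in (p, b"\x02", b"\x04", b"sig!"):
        body += struct.pack("!H", len(field)) + field
    return bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    for size in (768, 2048):  # constructed sizes for the demo
        print(size, assess(build_sample_ske(size)))
```

To use it on real traffic, feed it the ServerKeyExchange handshake message bytes exported from a packet capture of the connection that fails.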
07-10-2015 01:47 PM
This issue is fixed in Prime Infrastructure 2.2.1. Since that release, SSLv3 is disabled, so you can only use TLS, and only with strong ciphers.
Please rate useful posts :-)
07-10-2015 06:23 AM
I also am seeing this issue with UCCX 9.0.2SU2.
Thanks,
Robert B.
04-11-2016 09:34 AM
Does anyone know a specific bug id for this issue?
Of the two mentioned earlier in this thread, one is for Cisco Social Miner (CSCuu82529), and the other is for UCCX (CSCuu82538).
Thanks
07-10-2015 03:11 PM
Hello Robert,
I only found a workaround in the link below (no definitive solution yet):
https://support.mozilla.org/pt-BR/questions/1066238
Workaround for Firefox 39 and above:
1) In Firefox, enter "about:config" in the URL field and press Enter.
2) Accept the "This might void your warranty!" warning :)
3) In the search field at the top, enter "security.ssl3.dhe_rsa_aes"
4) Double click each result (128 and 256) to toggle the Value to "false"
Now retry your site - it should work now. Remember to change these settings back when you're done.
Thanks to "higherdestiny", who posted the answer.
Regards,
Gilmar Silva
07-20-2015 04:49 AM
Thanks Gilmar. Works like a charm.
07-20-2015 05:23 AM
This is a good workaround. Thank you Gilmar.
08-02-2015 10:52 PM
I'm also having the issue with UCCX 10.0
Is there a fix? Because changing back and forth the Firefox options as proposed above is not really a permanent solution.
09-11-2015 04:28 AM
Hello Matthieu,
I found two bugs (CSCuu79565 and CSCuu82538), but there is no fixed release yet (only the same workaround).
Regards,
Gilmar Silva
09-11-2015 07:15 PM
An up-to-date PI 2.2.2 does not have the problem.
Likewise with 3.0.
04-11-2016 09:21 AM
I'm a little confused that there is no fix for PI 2.1, as 2.1 is still current - there has been no EoL announcement.
Or does product support just apply to the major rev # (2.x)?
Thanks
Nick
04-11-2016 09:28 AM
Depending on the mechanics of a given fix, it may or may not be applied to all active releases of a given product.
If you have 2.1 and support, you are entitled to upgrade to 2.2 or even 3.0.
If you really don't want to and cannot upgrade for some other reason, you can open a TAC case and see if a patch can be made available for your use case.