Hi, it seems that PI 2.1 is using unsafe SSL encryption with DHE, which is blocked by the new version of Firefox 39.
The error is
An error occurred during a connection to prime.xxx.com. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
Except from changing Firefox settings what are the other solutions to that issue? Changing the certificate doesn't help.
Solved! Go to Solution.
Does anyone know a specific bug id for this issue?
Of the two mentioned earlier in this thread, one if for Cisco Social Miner (CSCuu82529), and the other is for UCCX (CSCuu82538).
I only found a workaround in the link below (no definitive solution yet):
Workaround for Firefox 39 and above:
1) In FireFox, enter "about:config" in the URL field and press enter.
2) Accept the "This might void your warranty!" warning :)
3) In the search field at the top, enter "security.ssl3.dhe_rsa_aes"
4) Double click each result (128 and 256) to toggle the Value to "false"
Now retry your site - it should work now. Remember to change these settings back when you're done.
Thanks to "higherdestiny" that posted the answer.
I'm also having the issue with UCCX 10.0
Is there a fix? Because changing back and forth the Firefox options as proposed above is not really a permanent solution.
I found two bugs (CSCuu79565 and CSCuu82538), but there is no fixed release yet (only the same workaround).
I'm a little confused that there is no fix for PI 2.1, as 2.1 is still current - there has been no EoL announcement.
Or does product support just apply to the major rev # (2.x)?
Depending on the mechanics of a given fix, it may or may not be applied to all active releases of a given product.
If you have 2.1 and support, you are entitled to upgrade to 2.2 or even 3.0.
If you really don't want to and cannot upgrade for some other reason, you can open a TAC case and see if a patch can be made available for your use case.