cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

7948
Views
35
Helpful
11
Replies
Beginner

PI 2.1 and Firefox 39

Hi, it seems that PI 2.1 is using unsafe SSL encryption with DHE, which is blocked by the new version of Firefox 39.

 

The error is

An error occurred during a connection to prime.xxx.com. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

 

Except from changing Firefox settings what are the other solutions to that issue? Changing the certificate doesn't help.

 

Thank you,

Robert


 

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Rising star

This issue is fixed in Prime

This issue is fixed in Prime Infrastructure 2.2.1. Since that release SSLv3 is disabled, so you can only use TLS with also strong ciphers.

Please rate useful posts :-)

View solution in original post

11 REPLIES 11

I also am seeing this issue

I also am seeing this issue with UCCX 9.0.2SU2.

 

Thanks,

Robert B.

Rising star

This issue is fixed in Prime

This issue is fixed in Prime Infrastructure 2.2.1. Since that release SSLv3 is disabled, so you can only use TLS with also strong ciphers.

Please rate useful posts :-)

View solution in original post

Does anyone know a specific

Does anyone know a specific bug id for this issue?

Of the two mentioned earlier in this thread, one if for Cisco Social Miner (CSCuu82529), and the other is for UCCX (CSCuu82538).

Thanks

Beginner

Hello Robert, I found a

Hello Robert,

 

I only found a workaround in the link below (no definitive solution yet):

 

https://support.mozilla.org/pt-BR/questions/1066238

 

Workaround for Firefox 39 and above:

1) In FireFox, enter "about:config" in the URL field and press enter.

2) Accept the "This might void your warranty!" warning :)

3) In the search field at the top, enter "security.ssl3.dhe_rsa_aes"

4) Double click each result (128 and 256) to toggle the Value to "false"

Now retry your site - it should work now. Remember to change these settings back when you're done.

 

Thanks to "higherdestiny" that posted the answer.
 

Regards,

 

Gilmar Silva

Thanks Gilmar.  Works like a

Thanks Gilmar.  Works like a charm.

This is a good workaround.

This is a good workaround. Thank you Gilmar.

Highlighted

I'm also having the issue

I'm also having the issue with UCCX 10.0

Is there a fix? Because changing back and forth the Firefox options as proposed above is not really a permanent solution.

Beginner

Hello Matthieu,I found two

Hello Matthieu,

I found two bugs (CSCuu79565 and CSCuu82538), but there is no fixed release yet (only the same workaround).

 

Regards,

 

Gilmar Silva

Hall of Fame Guru

An up-to-date PI 2.2.2 does

An up-to-date PI 2.2.2 does not have the problem.

Likewise with 3.0.

I'm a little confused that

I'm a little confused that there is no fix for PI 2.1, as 2.1 is still current - there has been no EoL announcement.

Or does product support just apply to the major rev # (2.x)?

Thanks

Nick

Hall of Fame Guru

Depending on the mechanics of

Depending on the mechanics of a given fix, it may or may not be applied to all active releases of a given product.

If you have 2.1 and support, you are entitled to upgrade to 2.2 or even 3.0.

If you really don't want to and cannot upgrade for some other reason, you can open a TAC case and see if a patch can be made available for your use case.

CreatePlease to create content
Content for Community-Ad

August's Community Spotlight Awards