Server has a weak ephemeral Diffie-Hellman public key

karinn001 · ‎09-07-2015

Hi,

I have Cisco Prime and i am getting the following error when i am going to login. I have used IE,Chrome, Firefox but have the same condition.Kindly let me the solution.

Server has a weak ephemeral Diffie-Hellman public key

ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

Leo Laohoo · ‎09-08-2015

Create a new shortcut and use the link provided to run the program. Make sure Chrome is in the right location of the folder.

View solution in original post

Leo Laohoo · ‎09-08-2015

This is due to Bug ID CSCuj42438 & CSCuv21820.

IE works. There are workarounds to use Firefox & Chrome.

katerina.dardoufa · ‎09-08-2015

Hi all,

can anyone point to the workaround for Chrome?

For Mozilla I have found this:

on the url type:

about:config

Here in this config page, you will find a list of boolean entries. Search for below two entries,

security.ssl3.dhe_rsa_aes_128_sha

security.ssl3.dhe_rsa_aes_256_sha

By default, these are set to TRUE. But you have to set them to FALSE in order to allow the less secured pages.

Leo Laohoo · ‎09-08-2015

For Chrome, use this shortcut:

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

karinn001 · ‎09-08-2015

Hi Leo,

i have run above command but result has not change. Still getting the same message.

Leo Laohoo · ‎09-08-2015

Create a new shortcut and use the link provided to run the program. Make sure Chrome is in the right location of the folder.

karinn001 · ‎09-16-2015

Issue resolved. Thanks Leo

Leo Laohoo · ‎09-17-2015

Thanks for taking the time to rate our posts. :)

aleopoldie · ‎09-30-2015

Hi Leo,

Is there a risk for the browser's security if we create thos shortcut ?

AL

jordan.cox · ‎09-24-2015

Maybe I'm just really missing something, but when I try to create a new shortcut with the following path it says it can't find C:\Program application.

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

However, if I just enter C:\Program Files (x86)\Google\Chrome\Application\chrome.exe the shortcut will work fine. So I definitely have the correct path to the chrome app. What am I missing?

kconrad01 · ‎09-24-2015

To make it work you need to put quotes around the file path and name. So put a " in front of C: and replace the " right after the .exe with another double quote character.

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

jordan.cox · ‎09-25-2015

Ah, thanks kconrad01 that worked!

Luis Diaz · ‎10-01-2015

So.. im still getting the error after adding the cipher suites blacklist..

Here is a straight paste of my target destination.

"C:\Program Files\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

It open's Chrome but when i visit Cisco Prime still get the lovely error... any thoughts?

nathan.a.reeves · ‎10-02-2015

Had the same issue when I created the shortcut. Make sure that after you've created the shortcut, go to task manager and ensure all chrome.exe processes are terminated.

As soon as I terminated all the running chrome processes, the next time I used the modified shortcut the pages loaded fine. (Accessing UCCX Admin Pages)

Peter Vazquez · ‎01-21-2016

Works great for me.

Thanks