Piszki Lab | EN

My case study in the clouds…

vRealize Hyperic (Tomcat 6) – ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY


vRealize Hyperic 5.8.4 ships with a default Tomcat 6 configuration for encrypted connections. With the latest Chrome and Firefox browsers this can result in the message “Server has a weak, temporary Diffie-Hellman public key”. Fortunately, this can be quickly remedied by changing the “Connector” section in the file server.xml. The change described here can be applied to both versions: the one installed on a Windows server and the one installed as the vRealize Hyperic Appliance.


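The settings file is in the directory /opt/hyperic/server-current/hq-engine/hq-server/conf/ (appliance). Open server.xml and edit the Connector section so that it matches the settings below. The cipher list contains only ECDHE and RSA key-exchange suites, so the server no longer offers any DHE suite: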

<Connector port="${server.webapp.secure.port}"
         executor="tomcatThreadPool" maxHttpHeaderSize="8192"
         emptySessionPath="true" protocol="HTTP/1.1" SSLEnabled="true"
         scheme="https" secure="true" clientAuth="false"
         keystoreFile="${server.keystore.path}"
         keystorePass="${server.keystore.password}"
         truststoreFile="${server.keystore.path}"
         truststorePass="${server.keystore.password}"
         ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
               TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
               TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,
               TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
         sslProtocol="TLS"
         protocols="TLSv1,TLSv1.1,TLSv1.2"
         URIEncoding="UTF-8"/>

After saving the configuration, restart the server.
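To confirm the edit before restarting, the following added example (not part of the original post or of Hyperic) parses a server.xml and reports every SSL-enabled Connector that has no cipher list or still lists a DHE suite. The sample XML, its port numbers and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one connector with no cipher list (JVM defaults apply),
# one that still lists a DHE suite, one using a shortened list from this page.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="7443" SSLEnabled="true" scheme="https" secure="true"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"/>
  <Connector port="${server.webapp.secure.port}" SSLEnabled="true"
             ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                      TLS_RSA_WITH_AES_128_CBC_SHA"/>
  <Connector port="8009" protocol="AJP/1.3"/>
</Service></Server>"""


def key_exchange(suite):
    """Classify a JSSE suite name by its key-exchange prefix."""
    name = suite.upper()
    for prefix, kind in (("TLS_ECDHE_", "ECDHE"), ("TLS_ECDH_", "ECDH"),
                         ("TLS_DHE_", "DHE"), ("SSL_DHE_", "DHE"),
                         ("TLS_DH_", "DH"), ("SSL_DH_", "DH"),
                         ("TLS_RSA_", "RSA"), ("SSL_RSA_", "RSA")):
        if name.startswith(prefix):
            return kind
    return "OTHER"


def audit_connectors(xml_text):
    """Return {port: finding} for every SSL-enabled Connector."""
    findings = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector, nothing to check
        port = conn.get("port")
        raw = conn.get("ciphers")
        if raw is None:
            findings[port] = "no ciphers attribute: JVM defaults apply"
            continue
        # The attribute may span lines, so trim whitespace around each name.
        suites = [s.strip() for s in raw.split(",") if s.strip()]
        dhe = [s for s in suites if key_exchange(s) == "DHE"]
        findings[port] = ("DHE offered: " + ", ".join(dhe)) if dhe else "ok"
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, "->", finding)
```

To check a real installation, pass the contents of the server.xml file to `audit_connectors` instead of the sample string.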


Author: Piotr Pisz

Computers always, since I got a Commodore 64 at the end of primary school, through my beloved Amiga and an infinite number of Linux consoles, until today's fully virtual days. Since 2001 a Unix/Linux Systems Administrator, for seven years a faithful companion and protector of the Solaris system, until its sad end. In 2011 I entered the depths of virtualization, then smoothly ascended into the clouds and continue there today. Professionally working as a Systems Architect at the Polish Security Printing Works.
