Fix ssl_error_weak_server_ephemeral_dh_key Firefox

Starting with Firefox 39, users may encounter ssl_error_weak_server_ephemeral_dh_key when using HTTPS. This post shows how to fix ssl_error_weak_server_ephemeral_dh_key on a Tomcat server, or how a user can ignore it in Firefox.

  1. Fix ssl_error_weak_server_ephemeral_dh_key on the Tomcat server

    Tomcat has several weak ciphers enabled by default, and Firefox raises this error when it receives a weak ephemeral Diffie-Hellman key in the Server Key Exchange handshake message. If you have a Tomcat server (version 4.1.32 or later), you can disable SSL 2.0 and weak ciphers by following these instructions: open your server.xml file and add the following to your SSL connector:

    <Connector port="443" maxHttpHeaderSize="8192" address=""
               enableLookups="false" disableUploadTimeout="true" acceptCount="100"
               scheme="https" secure="true" clientAuth="false" SSLEnabled="true"
               keystoreFile="mydomain.key" keystorePass="changeit"
               truststoreFile="mytruststore.truststore" truststorePass="changeit" />
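
    The connector above carries no ciphers attribute, so the JVM's default suite list still applies. The following is an added example, not part of the original post: it restricts the connector to ECDHE key exchange so no ephemeral DH key is ever sent. It assumes a JSSE connector on Tomcat 7 or 8 running on Java 8; the port, keystore file and password are reused from the connector above, and the protocol and cipher lists are one possible selection.

```xml
<!-- Added example, not from the original post.
     Assumptions: Tomcat 7/8, JSSE (BIO/NIO) connector, Java 8.
     Port, keystore file and password are the values used above. -->

<!-- Before: no "ciphers" attribute. The JVM default suite list is used,
     which can include DHE suites backed by a small ephemeral DH group. -->
<!--
<Connector port="443" scheme="https" secure="true" SSLEnabled="true"
           clientAuth="false"
           keystoreFile="mydomain.key" keystorePass="changeit" />
-->

<!-- After: explicit protocol and cipher lists.
     * sslEnabledProtocols leaves out SSLv2Hello and SSLv3.
     * ciphers lists ECDHE suites first, then one RSA suite as a fallback
       for clients without ECDHE (the fallback has no forward secrecy;
       delete it if every client supports ECDHE).
     * No TLS_DHE_* suite is listed, so the server never sends an
       ephemeral Diffie-Hellman key in Server Key Exchange. -->
<Connector port="443" scheme="https" secure="true" SSLEnabled="true"
           clientAuth="false"
           keystoreFile="mydomain.key" keystorePass="changeit"
           sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                    TLS_RSA_WITH_AES_128_CBC_SHA" />

<!-- Alternative when DHE suites must stay enabled: on Java 8 the JVM
     option -Djdk.tls.ephemeralDHKeySize=2048 (for example in
     CATALINA_OPTS) makes the server use a 2048-bit ephemeral DH group. -->
```

    Restart Tomcat after editing server.xml so the connector picks up the new lists.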
  2. Fix ssl_error_weak_server_ephemeral_dh_key by ignoring it in Firefox

    • Open Firefox, go to URL about:config
    • Accept the "This might void your warranty!" warning by clicking the "I'll be careful, I promise!" button
    • In the search field, enter security.ssl3.dhe_rsa_aes
    • Double-click each result (128 SHA and 256 SHA) to change the Value to false, which stops Firefox from offering these DHE cipher suites

  3. Useful resources

    The Logjam Attack

    SSL/TLS, ciphers, perfect forward secrecy and Tomcat

