Unsolved
This post is more than 5 years old
25 Posts
0
5071
Chrome: "server has a weak ephemeral Diffie-Hellman public key"
From this morning onwards I am unable to use Chrome to connect with the Vplex management interface. Firefox displays the same error but may have been doing so longer.
Interestingly enough, I can connect fine with Microsoft Edge browser
Chrome: "server has a weak ephemeral Diffie-Hellman public key"
Firefox: "An error occurred during a connection to 10.1.0.28. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) "
I can, of course, work around this by disabling the cypher-suite check in Chrome/Firefox.
We are running the following version:
Product Version 5.3.0.02.00.05 -
SMSv2 D30.60.0.12.0 -
Mgmt Server Base D30.60.0.5 -
Mgmt Server Software D30.60.0.16 -
Cluster Witness Server Software D30.60.0.10 Built against GeoSynchrony version - 60.1.218.0-0
I am wondering if the default cypher-suites used by SSL in the webclient where updated in 5.4 ?
If so, I can push the customer to update to latest version for this reason.
jemimus
25 Posts
1
September 9th, 2015 07:00
Small update to this:
I have gone over the Release Notes for every patch since 5.3 came out, including 5.4, and I have not been able to find any comments in there relating to SSL, HTTP, the webserver, or cypher suite support changes.
I also found the Google Chromium post that announces the change:
http://blog.chromium.org/2015/07/chrome-45-beta-new-es2015-features.html
I have raised an SR #73929470 if anyone wants to reference it.
storagtetalk
53 Posts
0
September 9th, 2015 08:00
I can confirm the same problem occurs in version 5.4.1.
garyo
89 Posts
1
September 9th, 2015 09:00
Hi TheFluffyAdmin,
EMC Support and VPLEX Engineering are aware of the issue, and working to address it.
KB article has been created (should be customer visible)
http://support.emc.com/kb/205564
VPlex: Unable to access the VPlex GUI (Unisphere) due to the error "SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake
Seems to also be a problem for other EMC products as well.
Gary
garyo
89 Posts
1
September 9th, 2015 14:00
Yes, this issue applies to all GeoSynchrony code levels.
Gary
br56rt
16 Posts
0
September 23rd, 2015 09:00
I resolved Firefox security errors with information from a Mozilla support website - Is there anyway to fix a "Secure Connection Failed"? Firefox works okay now. However, having said that, it seems that IE is actually working with the VPLEX management interface quicker now since our upgrade to 5.3.
hernster
1 Rookie
1 Rookie
•
63 Posts
0
September 23rd, 2015 13:00
I have also confirmed this issue in Chrome browser, however have no issues accessing VPLEX GUI 5.4.1 using IE 11
avmaint
115 Posts
0
November 25th, 2015 19:00
try using on other ports without https
jemimus
25 Posts
0
January 6th, 2016 02:00
In case you guys had not yet see, this issue is resolved in 5.5 though it is not explicitly mentioned in the release notes.
https://support.emc.com/kb/205564