Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Staff

Created on ‎09-28-2018 12:00 AM

Article Id 194016

Technical Note: Logjam vulnerability causes ssl error

Description
Logjam vulnerability causes ssl error

Scope
Version:  Network Sentry 7.2.1.106 and below
Solution
Version:  Network Sentry 7.2.1.106 and below


Issue:  Firefox browser will not open the Admin UI. The below error is produced instead:

"SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem."


Workaround:  This behavior is due to a change with Firefox 39. 
Another browser can be used, or this Mozilla article contains a workaround for Firefox:

https://support.mozilla.org/en-US/questions/1066238 

1) In FireFox, enter "about:config" in the URL field and press enter. 
2) Accept the "This might void your warranty!" warning. 
3) In the search field at the top, enter "security.ssl3.dhe_rsa_aes". 
4) Double click each result (128 and 256) to toggle the Value to "false". 


Solution:
Network Sentry version 7.2.1.120 and higher revises the allowed cipher list for the tomcat web server. Contact Product Support to schedule an upgrade. 

Labels:
382
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.