DescriptionAccessing Analytics UI using Chrome or Firefox Displays Diffie-Hellman Error
SolutionThe Error looks similar to "Server has a weak ephemeral Diffie-Hellman public key"
To resolve this issue
1.) Edit the file: /bsc/services/jboss/server/default/deploy/jbossweb.sar/server.xml making the following changes:
From:
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="${jboss.web.https.port}" address="${jboss.bind.address}"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.home}/keystore.jks"
keystorePass="cchaos"
truststoreFile="${jboss.home}/cacerts.jks"
truststorePass="cchaos"
sslProtocol = "TLS"
connectionLinger="300"
socketBuffer="18000" />
To:
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="${jboss.web.https.port}" address="${jboss.bind.address}"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.home}/keystore.jks"
keystorePass="cchaos"
sslProtocol = "TLSv1"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
connectionLinger="300"
socketBuffer="18000" />
2) After the change is made a reboot of the jboss server or the appliance is required for the change to take effect.
/etc/init.d/jboss stop
/etc/init.d/jboss start
