6

I have a website and recently chrome started returning this error when trying to access it:

ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

It's a java+jsp website and it runs on apache tomacat. It also uses Verisign certification, but I've read that the error is not related to this certificate.

Thanks for any help.

Kal
  • 323
  • 2
  • 7
  • 17
  • There is a [new option for this in Java 8](http://stackoverflow.com/a/24508841/372643) (and better default values). – Bruno Oct 19 '15 at 12:08

5 Answers5

3

I fixed it following this: http://support.filecatalyst.com/index.php?/Knowledgebase/Article/View/277/0/workaround-for-tomcat-ssl-tls-logjam-vulnerability

To sum up, I edited server.xml.

On the connector protocol, I changed the property

Protocol="TLS"

for

sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"

and added the property

ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, 
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, 
TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
Kal
  • 323
  • 2
  • 7
  • 17
2

Your server is using weak Diffie-Hellman keys and might thus be affected by the Logjam attack. Because of this attack more and more browser and TLS stacks increase their minimum length of the DH key to 768 or 1024 bit. Probably the OpenSSL version you are using in your server uses a 512 bit DH key by default, which is too small. You need to fix this by explicitly setting a larger DH key in your server configuration. How this is done depends on the server, see Guide to Deploying Diffie-Hellman for TLS for details.

Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172
  • Thanks, I am following the guide you linked. I already installed the Unlimited Strength files for Apache Tomcat correctly. But I am stuck at this point: Generating a Unique DH Group. I don't know how to do that, do I need to download something for it? – Kal Jul 10 '15 at 07:38
  • @Kai: the exact command needed is clearly shown in the section "Generating a Unique DH Group": `openssl dhparam -out dhparams.pem 2048` – Steffen Ullrich Jul 10 '15 at 07:51
  • @Exactly, but.... excuse my ignorance, what do I do with that sentence. Tried on cmd and it does nothing, – Kal Jul 10 '15 at 08:44
  • @Kai: this command creates the dhparams.pem file you need later. – Steffen Ullrich Jul 10 '15 at 08:59
  • And where do I execute that command? I'm on windows, and on cmd it does nothing – Kal Jul 10 '15 at 09:01
  • @Kai: you need to download openssl for this. And please, this is all no longer relevant for stackoverflow and if you need to help with basic server administration ask at serverfault.com. – Steffen Ullrich Jul 10 '15 at 09:38
  • 1
    The only case where this is applicable is possibly when Tomcat is using the APR, otherwise everything is done in Java, so it's a JSSE issue, without any link to OpenSSL. – Bruno Oct 19 '15 at 12:05
1

If you have a support contract with Oracle, you can download the latest version of Java 6/7 which raises the DHE encryption to 1024-bit in JSSE.

Yuhong Bao
  • 3,891
  • 1
  • 19
  • 20
1

There is a workaround (warning: this creates a security vulnerability!)

Use this parameter launching chrome:

--cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

Parameters explanation:

0x0088 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
0x0087 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
0x0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
0x0038 TLS_DHE_DSS_WITH_AES_256_CBC_SHA
0x0044 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
0x0045 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
0x0066 TLS_DHE_DSS_WITH_RC4_128_SHA
0x0032 TLS_DHE_DSS_WITH_AES_128_CBC_SHA
0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
0x0013 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

Sources:

learncisco.net

productforums.google.com

weakdh.org

chromium.googlesource.com/.../sslproto.h

Paweł Prażak
  • 3,091
  • 1
  • 27
  • 42
0

I was able to fix this problem by setting the system property jdk.tls.ephemeralDHKeySize to 1024 (or 2048).

Tom Hennen
  • 4,746
  • 7
  • 34
  • 45