I'm unable to access the web interface due to "Secure connection failed" or "Server has a weak ephemeral Diffie-Hellman public key" warnings

This is a known issue caused by a cipher that this version of Access Manager currently supports. A vulnerability was recently found in the Diffie-Hellman key exchange protocol and identified as the Logjam attack. To protect against it, many web browsers have begun blocking specific SSL ciphers that are known to be weak to this attack. Below is what you will see in Chrome and Firefox browsers.

Which web browsers are known to be affected?

Mozilla Firefox, Google Chrome, Internet Explorer and Safari.

How to fix this?

If you are running the 1.2 release of Access Manager, this is simply a matter of updating to the RG9 release. That release has removed support for the affected ciphers, allowing Access Manager to once again be accessed in the affected browsers.

If you are not able to apply the RG9 release, you can manually remove the cipher from the system. To do this, go to Configuration -> SSL -> Advanced Configuration and remove the "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" cipher from both the Enabled Incoming AND Enabled Outgoing cipher fields. Scroll through the list, select this cipher and click REMOVE. Once you have removed it from both fields, hit SAVE. You will then need to restart the server for the changes to take effect.

Please remember to remove ONLY this one cipher. Removing other ciphers could cause the system to become unusable. If you are unsure, please contact support for assistance.
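
One way to confirm the change after the restart, as an added example that is not part of the original article or of Access Manager: the Python script below sends a TLS 1.2 ClientHello that offers only TLS_DHE_RSA_WITH_AES_128_CBC_SHA (IANA id 0x0033) and reports whether the server still selects it. The function names, port 443 and the hostname argument are assumptions.

```python
import os
import socket
import struct
import sys

SUITE = 0x0033  # IANA id of TLS_DHE_RSA_WITH_AES_128_CBC_SHA

def build_client_hello(suite=SUITE):
    """TLS 1.2 ClientHello record offering exactly one cipher suite."""
    # signature_algorithms extension: rsa_pkcs1_sha256, rsa_pkcs1_sha1
    sig_algs = struct.pack("!HHH", 4, 0x0401, 0x0201)
    ext = struct.pack("!HH", 0x000D, len(sig_algs)) + sig_algs
    body = (b"\x03\x03" + os.urandom(32)         # version TLS 1.2, client random
            + b"\x00"                            # empty session id
            + struct.pack("!HH", 2, suite)       # cipher_suites: one entry
            + b"\x01\x00"                        # compression: null only
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def server_accepts(response, suite=SUITE):
    """True only if the first record is a ServerHello that selects `suite`."""
    if len(response) < 5:
        return False
    rec_type, _version, rec_len = struct.unpack("!BHH", response[:5])
    frag = response[5:5 + rec_len]
    if rec_type != 0x16 or len(frag) < 4 or frag[0] != 0x02:
        return False                  # alert (0x15) or not a ServerHello
    body = frag[4:]                   # version(2) random(32) sid_len(1) sid suite(2)
    if len(body) < 35:
        return False
    off = 35 + body[34]               # skip the variable-length session id
    return len(body) >= off + 2 and struct.unpack("!H", body[off:off + 2])[0] == suite

def probe(host, port=443, timeout=5.0):
    """Send the hello to a server you administer; read one record and judge it."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        data = b""
        while len(data) < 5 or len(data) < 5 + int.from_bytes(data[3:5], "big"):
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return server_accepts(data)

if __name__ == "__main__":
    host = sys.argv[1]                # placeholder: your Access Manager hostname
    print("still accepted" if probe(host) else "not accepted")
```

A "not accepted" result covers the Enabled Incoming list only; the Enabled Outgoing list is not exercised by this check.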
