How to fix ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

Question

I have a website and recently chrome started returning this error when trying to access it:

ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

It's a java+jsp website and it runs on apache tomacat. It also uses Verisign certification, but I've read that the error is not related to this certificate.

Thanks for any help.

Answer 1

I fixed it following this: http://support.filecatalyst.com/index.php?/Knowledgebase/Article/View/277/0/workaround-for-tomcat-ssl-tls-logjam-vulnerability

To sum up, I edited server.xml.

On the connector protocol, I changed the property

Protocol="TLS"

for

sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" 

and added the property

ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, 
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, 
TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"

Answer 2

Your server is using weak Diffie-Hellman keys and might thus be affected by the Logjam attack. Because of this attack more and more browser and TLS stacks increase their minimum length of the DH key to 768 or 1024 bit. Probably the OpenSSL version you are using in your server uses a 512 bit DH key by default, which is too small. You need to fix this by explicitly setting a larger DH key in your server configuration. How this is done depends on the server, see Guide to Deploying Diffie-Hellman for TLS for details.

Answer 3

If you have a support contract with Oracle, you can download the latest version of Java 6/7 which raises the DHE encryption to 1024-bit in JSSE.

Answer 4

There is a workaround (warning: this creates a security vulnerability!)

Use this parameter launching chrome:

--cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

Parameters explanation:

0x0088 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
0x0087 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
0x0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
0x0038 TLS_DHE_DSS_WITH_AES_256_CBC_SHA
0x0044 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
0x0045 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
0x0066 TLS_DHE_DSS_WITH_RC4_128_SHA
0x0032 TLS_DHE_DSS_WITH_AES_128_CBC_SHA
0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
0x0013 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

Sources:

learncisco.net

productforums.google.com

weakdh.org

chromium.googlesource.com/.../sslproto.h