Secure Connection failed errors after upgrading Firefox Browsers

  • 7016657
  • 08-Jul-2015
  • 15-Jul-2015


NetIQ Sentinel 7.3


After an update to Firefox browsers to version 39.0, logins to the WebUI fail with the error;

Secure Connection Failed
An error occurred during a connection to <your server>. SSL received a weak ephemeral Diffie-Hellman key in Server key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)


The fix for this issue is contained in Sentinel patch. The Fix requires that we use Java 8 which is only included post 7.3.1. If you have not done so, please apply to fix this issue. If you have not yet applied 7.3.1, you will need to follow the steps under "Work Around Steps".

Work Around Steps:
1. Backup the existing jetty-ssl.xml file
cp -a /etc/opt/novell/sentinel/3rdparty/jetty/jetty-ssl.xml /home/novell/jetty-ssl.xml.bak
2. Using vim edit the file and append the following ciphers at the end of the
                              " <!-- Only enable strong ciphers. -->
                                <Set name="ExcludeCipherSuites">
                                        <Array type="java.lang.string>"
 section of the file;
                                                <!-- New Excluded Ciphers -->

3. Save the changes to the file and restart Sentinel
4. <optional> Clear all cache and cookies in your browser


Firefox has updated their browsers to require higher key sizes due to security vulnerabilities such as LogJam, CVE-2015-4000.