Unable to load Novell Vibe on secure port

  • 7016930
  • 21-Oct-2015
  • 21-Oct-2015

Environment

Novell Vibe 3.4

Situation

When loading Vibe on secure port on Google Chrome or Mozilla Firefox, the following error is seen. Error code: ssl_error_weak_server_ephemeral_dh_key
 
Internet Explorer is able to load the page

Resolution

  1. Navigate to /opt/novell/teaming/apache-tomcat/conf and make a backup of the server.xml
  2. Edit the server.xml and search for the line starting with <Connector port="8443
  3. After the URIEncoding=UTF-8", but before the closing />, add a ciphers configuration as shown in Additional Information
  4. Save the server.xml and restart Vibe by typing /etc/init.d/teaming restart


Additional Information

Example of the ciphers configuration:
 
ciphers="SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA"/>
 
Entire section of the server.xml should look something like the following:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="200" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="conf/.keystore" keystorePass="changeit" keyAlias="tomcat" URIEncoding="UTF-8" ciphers="SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA"/>
 
The cipher configuration documented here excludes the two AES ciphers below
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA