
Weak ephemeral Diffie-Hellman public key


Problem: Chrome and Firefox recently updated and suddenly stopped allowing connections to your SMP3 Admin and possibly your applications, giving the error "Server has a weak ephemeral Diffie-Hellman public key".

 

 


 

This is an attempt by the browsers to protect you from connecting to a server that uses outdated cipher settings, which could expose you to the recently published SSL vulnerability "Logjam".

 

SMP3 SP08 and prior server versions default to obsolete ciphers. This has been updated for the SMP3 SP09 release. In the meantime, you can make the same change on your server using the following procedure.

 

Solution:

  • Stop the SMP3 server.
  • Edit the Server\config_master\org.eclipse.gemini.web.tomcat\default-server.xml file.
  • Find the ciphers line in each of the following Connector tags and replace the value with the ciphers below.
    • Connector smpConnectorName="oneWaySSL"
    • Connector smpConnectorName="AdminSSL"
    • Connector smpConnectorName="mutualSSL"

    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"

  • Save and restart the SMP3 server. Connections from Chrome and Firefox should no longer give that error.
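One way to confirm the edit landed on all three connectors, as an added example that is not part of the original post or of SAP's tooling: the script parses a default-server.xml and reports every listed connector whose ciphers attribute differs from the list above. The sample XML, including its old cipher value, is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Cipher list and connector names taken from the procedure above.
RECOMMENDED = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
]
SSL_CONNECTORS = ("oneWaySSL", "AdminSSL", "mutualSSL")

# Constructed sample, not a real default-server.xml; the surrounding
# elements and the old cipher value are assumptions for illustration.
SAMPLE_XML = """<Server>
  <Service name="Catalina">
    <Connector smpConnectorName="oneWaySSL"
      ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"/>
    <Connector smpConnectorName="AdminSSL"
      ciphers="SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA"/>
    <Connector smpConnectorName="mutualSSL"/>
  </Service>
</Server>"""

def audit_connectors(xml_text):
    """Return {connector name: status} for the three SSL connectors."""
    root = ET.fromstring(xml_text)
    found = {c.get("smpConnectorName"): c for c in root.iter("Connector")}
    report = {}
    for name in SSL_CONNECTORS:
        conn = found.get(name)
        if conn is None:
            report[name] = "connector not found"
            continue
        raw = conn.get("ciphers")
        if raw is None:
            report[name] = "no ciphers attribute"
            continue
        suites = [s.strip() for s in raw.split(",") if s.strip()]
        extra = [s for s in suites if s not in RECOMMENDED]
        missing = [s for s in RECOMMENDED if s not in suites]
        if extra or missing:
            report[name] = f"differs: extra={extra} missing={missing}"
        else:
            report[name] = "ok"
    return report

if __name__ == "__main__":
    for name, status in audit_connectors(SAMPLE_XML).items():
        print(f"{name}: {status}")
```

To check a real server, read the edited file's contents and pass them to `audit_connectors` in place of `SAMPLE_XML`.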

 

For Agentry clients, be sure to test each device you will be using BEFORE making this change in production. If your device does not support the newer ciphers, it will probably fail to connect and you may need to either update your device or re-implement the obsolete cipher.

