Sunday, 6 September 2015

Error code: ssl_error_weak_server_ephemeral_dh_key (PeopleSoft Weblogic)

Problem: PeopleSoft client browsers show this error after a Chrome or Firefox update.


Fix:

1. Go to directory <PS_HOME>/webserv/<DOMAIN_NAME>/config/

2. Make a backup copy of config.xml.

3. Edit config.xml
 a. Locate the SSL configuration portion. It begins with:
<ssl>
 b. Add the cipher suites after the 'enabled' parameter. Below is an example:
<ssl>
<name>PIA</name>
<enabled>true</enabled>
<ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>
<ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>
<ciphersuite>TLS_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
<listen-port>443</listen-port>

 Note: it is important that you add the 'ciphersuite' entries between the 'enabled' entry and the 'listen-port' entry within the 'ssl' section.

4. Restart WebLogic to pick up the changes (if using a WebLogic multi-server domain, first restart the WebLogicAdmin server, then the PIA).
  WebLogic will now only begin SSL connections with browsers that support 128-bit encryption or higher, using the above cipher suites. None of these suites uses ephemeral Diffie-Hellman (DHE) key exchange, so the browser is no longer offered the weak DH key that it rejects.
 Note: The WebLogic logs do not indicate which cipher suites are being used, so if you want to validate, we suggest using a third-party auditing tool.
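
An added example, not part of the original post: a Python check for the edit made in step 3. It parses a config.xml, confirms that the 'ciphersuite' entries sit between 'enabled' and 'listen-port', and flags any DHE suite (the key exchange the browser error is about) or RC4 suite (prohibited for TLS by RFC 7465). The embedded config and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed config.xml holding the <ssl> block from step 3.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <server>
    <ssl>
      <name>PIA</name>
      <enabled>true</enabled>
      <ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>
      <ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>
      <ciphersuite>TLS_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
      <listen-port>443</listen-port>
    </ssl>
  </server>
</domain>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_ssl_blocks(xml_text):
    """Return a list of findings for every <ssl> element in a config.xml string."""
    findings = []
    for ssl in (e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "ssl"):
        tags = [local(c.tag) for c in ssl]
        suites = [(c.text or "").strip() for c in ssl if local(c.tag) == "ciphersuite"]
        if not suites:
            findings.append("no ciphersuite entries: server defaults apply")
            continue
        idx = [i for i, t in enumerate(tags) if t == "ciphersuite"]
        # Note in step 3: entries belong after 'enabled' and before 'listen-port'.
        if "enabled" not in tags or tags.index("enabled") > idx[0]:
            findings.append("ciphersuite not placed after 'enabled'")
        if "listen-port" in tags and tags.index("listen-port") < idx[-1]:
            findings.append("ciphersuite placed after 'listen-port'")
        for s in suites:
            if "_DHE_" in s:
                findings.append(f"{s}: DHE key exchange, the kind the browser error is about")
            if "_RC4_" in s:
                findings.append(f"{s}: RC4, prohibited for TLS by RFC 7465")
    return findings

if __name__ == "__main__":
    for line in audit_ssl_blocks(SAMPLE_CONFIG) or ["no findings"]:
        print(line)
```

To check a real domain, pass the contents of <PS_HOME>/webserv/<DOMAIN_NAME>/config/config.xml to audit_ssl_blocks.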



1 comment:

  1. For my WebLogic 12.1.1.0 server, I added the below in Server Arguments of my Managed server and restarted the Admin as well as the Managed server.
    -Dweblogic.security.SSL.Ciphersuites=TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
    -Dweblogic.security.SSL.protocolVersion=TLSv1

    But I still get the error in Firefox (48.0.2) and the page does not even show up in IE (11.0).
