
 

If you try to connect to the T300/T500 with Firefox, you may get the error message “ssl_error_weak_server_ephemeral_dh_key”.

To fix this problem, follow these steps:

 

 Use it at your own risk!

 

  1.  Connect to the T300 via console (using ssh)
  2.  Run the command cd /opt/tomcat/conf
  3.  Find the file "server.xml"
  4.  Make a copy of that file (e.g. server.xml -> copy -> new name: server.xml.orig)
  5. Open server.xml (using e.g. nano)
  6. Find the line that starts with <Connector port="443"
  7. Add these two entries:

    SSLEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"

  8. If SSL is not enabled, add SSLEnabled="true" too
  9. Save the file
  10. Log into the web UI (using http this once)
  11. Restart the whole system: Server -> State -> Server -> Restart, or restart from the console.
  12. You can use https now

Example:

           server_old.xml

           server_new.xml
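
Firefox raises this error when the server offers an ephemeral Diffie-Hellman key that is too small; the list in step 7 avoids it by naming only ECDHE and static RSA suites. The check below is an added example, not part of the original page or the device's software: it reads the port 443 Connector from a server.xml and reports DHE suites, RC4 suites and old protocol versions. The sample XML is constructed, and the function name `audit_connector` is an assumption made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a Connector carrying the attributes from steps 7 and 8
# (cipher list shortened; all other attributes omitted).
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="443" SSLEnabled="true"
      SSLEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
      ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>
  </Service>
</Server>"""


def split_list(value):
    """Split a comma-separated attribute, tolerating spaces after commas."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def audit_connector(xml_text, port="443"):
    """Return findings for the Connector on `port` as (kind, value) tuples."""
    root = ET.fromstring(xml_text)
    connector = next((c for c in root.iter("Connector")
                      if c.get("port") == port), None)
    if connector is None:
        return [("missing-connector", port)]
    findings = []
    if connector.get("SSLEnabled") != "true":
        findings.append(("ssl-not-enabled", port))
    suites = split_list(connector.get("ciphers"))
    if not suites:
        # No explicit list: the JVM defaults apply and may include DHE suites.
        findings.append(("no-cipher-list", port))
    for suite in suites:
        if "_DHE_" in suite:   # finite-field ephemeral DH: source of the error
            findings.append(("dhe-suite", suite))
        if "_RC4_" in suite:   # RC4 is prohibited for TLS by RFC 7465
            findings.append(("rc4-suite", suite))
    for proto in split_list(connector.get("SSLEnabledProtocols")):
        if proto in ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1"):  # TLS 1.0/1.1: RFC 8996
            findings.append(("old-protocol", proto))
    return findings


if __name__ == "__main__":
    for kind, value in audit_connector(SAMPLE_SERVER_XML):
        print(f"{kind}: {value}")
```

Run it against a copy of the edited file before restarting; an empty result for `dhe-suite` means the Connector no longer offers the key exchange Firefox rejects.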