If you try to connect T300/T500 via Firefox it is possibly that you get error message “ssl_error_weak_server_ephemeral_dh_key”.
To fix this problem do this steps:
- Connect to T300 via console (using ssh)
- Use command cd /opt/tomcat/conf
- Find file "server.xml"
- Make copy of that file (e.g. server.xml -> copy -> new name: server.xml.orig)
- Open server.xml (using e.g. nano)
- Find line which starts with <Connector port="443"
- Add this two entries:
SSLEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
- If SSL is not enabled add this SSLEnabled="true" too
- Save file
- Log into webUI (using http for once)
- Restart whole system: Server -> State -> Server -> Restart. Or do restart over console.
- You can use https now
Example:
server_old.xml
server_new.xml