When connecting to the Web Admin using Chrome you might run into the following error and not be able to connect:
---
Server has a weak ephemeral Diffie-Hellman public key
ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY
---
This error message is caused by recent updates to Google Chrome to protect against the TLS Logjam Vulnerability. For more information on the TLS Logjam Attack, please refer to the following helpdesk article:
https://helpdesk.forumsys.com/entries/94053427
This article focuses on building a new SSL Termination policy to replace existing Factory SSL Termination policy found under System-->Settings-->System
Creating an SSL termination Policy
First you will need to use your own certs. One you have the certs to use you can import these into Sentry under Resources-->PKI-->Keys
Creating an SSL Termination policy is done as follows:
- Go to Resources-->Security Policies-->SSL and click New
- Select Termination then click Next
- Name your policy and select the Key Pair to use
- Click on the link “Show cipher suites” and deselect DHE cipher suites then click Create
- Go to System-->Settings-->System and select the new SSL Termination policy then Save
You will now be using this SSL Termination policy when accessing the Web Admin.
0 Comments