Firefox ver 39 is incompatible with OpsCenter - weak key reported
This morning I let Firefox update itself to version 39 and now it refuses to connect to OpsCenter 7.6.1.2 due to weak ciphers.
Here's the error:
An error occurred during a connection to <servernameeditedout>. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
IE still worked (with complaints) so I know the webserver is there...
I tried all the rebuild keystore KBs to no effect so I went digging more.
Turns out the fault is in Program Files\Symantec\Opscenter\gui\webserver\conf in the file server.xml
I tried editing the line that specifies what types of encryption can be allowed during the secure connection and just messed it up further since I'm not a security expert...I did get things to complain that there wasn't a compatible level of encryption if I deleted all the references to 128 bit stuff so I think I was on the right track but...
I'm back on the reverted file and I guess I have to open a ticket with Support...
D,
Type "about:config" in the FireFox address box.
Click through the "promise to be careful" warning.
In the Search box along the top of the config menu, enter "security.ssl3.dhe_rsa_aes_128_sha" and press Enter.
It should find the entry config. The value will be "true". Double click it to change it to "false" (see attached screen cap).
Repeat the same process with the "security.ssl3.dhe_rsa_aes_256_sha" key.
Source: https://bugzilla.mozilla.org/show_bug.cgi?id=587407#c100