cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Firefox ver 39 is incompatible with OpsCenter - weak key reported

Go to solution
D_Flood
Level 6

‎07-03-2015 11:21 AM

This morning I let Firefox update itself to version 39 and now it refuses to connect to OpsCenter 7.6.1.2 due to weak ciphers. 

Here's the error:

An error occurred during a connection to <servernameeditedout>. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

IE still worked (with complaints) so I know the webserver is there...

I tried all the rebuild keystore KBs to no effect so I went digging more.

Turns out the fault is in Program Files\Symantec\Opscenter\gui\webserver\conf in the file server.xml

I tried editing the line that specifies what types of encryption can be allowed during the secure connection and just messed it up further since I'm not a security expert...I did get things to complain that there wasn't a compatible level of encryption if I deleted all the references to 128 bit stuff so I think I was on the right track but...

I'm back on the reverted file and I guess I have to open a ticket with Support...

 

1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
RoundTower_JGL
Level 3
Partner Accredited Certified

‎07-05-2015 01:35 PM

D,

Type "about:config" in the FireFox address box.

Click through the "promise to be careful" warning.

In the Search box along the top of the config menu, enter "security.ssl3.dhe_rsa_aes_128_sha" and press Enter.

It should find the entry config. The value will be "true". Double click it to change it to "false" (see attached screen cap).

Repeat the same process with the "security.ssl3.dhe_rsa_aes_256_sha" key.

Source: https://bugzilla.mozilla.org/show_bug.cgi?id=587407#c100

View solution in original post

0 Kudos
5 REPLIES 5

Go to solution
RoundTower_JGL
Level 3
Partner Accredited Certified

‎07-05-2015 01:35 PM

D,

Type "about:config" in the FireFox address box.

Click through the "promise to be careful" warning.

In the Search box along the top of the config menu, enter "security.ssl3.dhe_rsa_aes_128_sha" and press Enter.

It should find the entry config. The value will be "true". Double click it to change it to "false" (see attached screen cap).

Repeat the same process with the "security.ssl3.dhe_rsa_aes_256_sha" key.

Source: https://bugzilla.mozilla.org/show_bug.cgi?id=587407#c100

0 Kudos

Go to solution
D_Flood
Level 6

‎07-06-2015 08:27 AM

Thanks for the work-around.  I can confirm it works with 2.6.1.2.  In the meantime I still have my ticket open so Symantec can decide which option (upgrade their security, use another browser, or use a workaround that some might not be comfortable with) they want to recomend officially...

 

0 Kudos

Go to solution
SJ_Hollist
Level 3

‎08-03-2015 10:02 AM

Perfect!  Now if Symantec/Veritas would just upgrade the security of OpsCenter.

0 Kudos

Go to solution
D_Flood
Level 6

‎08-03-2015 02:17 PM

It still requires the above work-around but OpsCenter 7.7 does (finally) catch up with the Appliance change from http to https main pages...taking that into account that means they're about 1.5 major version numbers behind on all their "features"

 

0 Kudos

Go to solution
KDob
Level 3
Partner Accredited

‎08-21-2015 12:08 PM

OpsCenter 7.7 is now much more secure!

No key problem out of the box.  Not sure if the Audit Controls/FIPS Compliance was just NetBackup, or it also extends to OpsCenter.

I was running 7.6 and could no longer access OpsCenter Web Page once we upgraded our FireFox, but once we upgraded to 7.7, it worked just fine.

Something about 256 versus 1024, blah, blah, blah.  Not sure, but the upgrade was definitely easier than figuring out all the details.

0 Kudos