Important Notice: We're experiencing email notification issues. If you've posted a question in the community forums recently, please check your profile manually for responses while we're working to fix this.

On Monday the 3rd of March, around 5pm UTC (9am PT) users may experience a brief period of downtime while one of our underlying services is under maintenance.

Avatar for Username

ძიება მხარდაჭერაში

ნუ გაებმებით თაღლითების მახეში. აქ არავინ უნდა მოგთხოვოთ ტელეფონზე დარეკვა, შეტყობინების გაგზავნა ან პირადი მონაცემების გაზიარება. რამე საეჭვოს შემჩნევისას გთხოვთ გვაცნობოთ „დარღვევის მოხსენებით“.

ვრცლად

ეს თემა დაარქივებულია. დასვით ახალი კითხვა, თუ დახმარება გესაჭიროებათ.

Getting error "ssl_error_weak_server_ephemeral_dh_key" on my website

  • 3 პასუხი
  • 1 მომხმარებელი წააწყდა მსგავს სიძნელეს
  • 1 ნახვა
  • ბოლოს გამოეხმაურა jscher2000 - Support Volunteer

usmanr
usmanr
more options

I have a live video website and have recently installed SSL certificate on my video servers. I am having video playback issue on Firefox. On other browsers (Chrome, IE), everything is alright.

Example page: https://www.janjua.tv/cnn_livestreaming

While debugging the network, I noticed the video is not being played due to the error "ssl_error_weak_server_ephemeral_dh_key" (Screenshot attached).

I have Wildcard SSL from Comodo, and had generated my CSR using the guide available here: https://www.sslsupportdesk.com/keystore-jks-keytool-csr-generation-ssl-installation-guide/

My video servers are Tomcat/Java so I had to import the entire chaining path of my SSL Certificate in the following order: Root > Intermediate > SSL Certificate (using the guide available here: https://www.sslsupportdesk.com/troubleshooting-advanced-tomcat-x509-failed-to-establish-chain-from-reply/).

I have successfully installed the SSL on my video servers and video is working perfectly on browsers other than Firefox. I'm trying to understand what I'm actually missing during the CSR, Key or installation which caused the error "ssl_error_weak_server_ephemeral_dh_key" on Firefox and prevented the playback.

I have a live video website and have recently installed SSL certificate on my video servers. I am having video playback issue on Firefox. On other browsers (Chrome, IE), everything is alright. Example page: https://www.janjua.tv/cnn_livestreaming While debugging the network, I noticed the video is not being played due to the error "ssl_error_weak_server_ephemeral_dh_key" (Screenshot attached). I have Wildcard SSL from Comodo, and had generated my CSR using the guide available here: https://www.sslsupportdesk.com/keystore-jks-keytool-csr-generation-ssl-installation-guide/ My video servers are Tomcat/Java so I had to import the entire chaining path of my SSL Certificate in the following order: Root > Intermediate > SSL Certificate (using the guide available here: https://www.sslsupportdesk.com/troubleshooting-advanced-tomcat-x509-failed-to-establish-chain-from-reply/). I have successfully installed the SSL on my video servers and video is working perfectly on browsers other than Firefox. I'm trying to understand what I'm actually missing during the CSR, Key or installation which caused the error "ssl_error_weak_server_ephemeral_dh_key" on Firefox and prevented the playback.

ყველა პასუხი (3)

usmanr
usmanr კითხვის დამსმელი
more options

Image attached.

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

I think that refers to the Logjam vulnerability. See whether you can find the steps to resolve that issue on that particular host's software. Possibly if you use a diagnostic site they will have the steps.

For example: https://www.ssllabs.com/ssltest/

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

Yes, it must be Logjam because I disabled these two ciphers in my Firefox (years ago) and this avoids the problem:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste dhe and pause while the list is filtered

(3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch the value from true to false

(4) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch the value from true to false