MyPhone application access from browser fails. (Error code: ssl_error_weak_server_ephemeral_dh_key)

Doc ID    SOLN272988
Version:    6.0
Status:    Published
Published date:    03 Jun 2016
Created Date:    05 Aug 2015
Author:   
Levente Szabo
 

Details

Avaya Utility Services
Version: util-6.3.0.0.20

Problem Clarification

When user tries to access MyPhone application (https://<ip address of Utility Services server>:8443/MyPhone/MyPhone) running on Utility Services from Firefox v39 and the latest version of Chrome (after update of Chrome) they get this error in browser:

Secure Connection Failed.

An error occurred during a connection to <ip address of Utility Services server>:8443. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Cause

This indicates that the site is defaulting to an obsolete encryption cipher which is vulnerable to the "Logjam" attack that was in the news earlier this year. 

Problem appears since Firefox Security Update version 39 and also with the latest version of Chrome.

See also the article on Mozilla Support:  "Secure Connection failed" after update to firefox 39"

 

Solution

 

As a work around change the below in FireFox browser:
1)      In FireFox address bar, enter "about:config" and press enter.
2)      Accept the "This might void your warranty!" warning :)

 
3)      In the search field at the top, enter "security.ssl3.dhe_rsa_aes"

 
4)      Double click each result (128 and 256) to Toggle the Value to "false"

 

For the latest version of Google Chrome: the customer goes to C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" and add the following: --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

(there has to be a space between .exe and --cipher)

Additional Relevant Phrases

My Phone Utility not opening in Chrome/Firefox Unable to open the My Phone Utility application from the browser, Checking if there is a chance to make any changes from the server end which can resolve the issue.

Avaya -- Proprietary. Use pursuant to the terms of your signed agreement or Avaya policy