(solved) Problem to access iDempiere 2.1 server on SSL port with recent Firefox / Iceweasel
288 views
Skip to first unread message
Dirk Niemeyer
Aug 4, 2015, 1:47:02 PM8/4/15
to iDempiere
Hi all,
I was just experiencing a problem after browser update to access a local
iDempiere 2.1 test installation on SSL.
When trying to access
https://myserver:8443/webui/
the browser gave me an error page explaining
"Error code: ssl_error_weak_server_ephemeral_dh_key".
Some searching found an explanation here
https://support.mozilla.org/de/questions/1065417
and a solution here
https://forums.openclinica.com/discussion/15696/firefox-39-new-ssl-cipher-security-setting-error-tomcat-6-fix
I applied the proposed fix to the file
plugins/org.adempiere.tomcat.config_2.1.0/META-INF/tomcat/server.xml
adding the line
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"
to the section starting with
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
and after restart of iDempiere my browser is happy again.
HTH someone
Kind Regards,
Dirk Niemeyer
I was just experiencing a problem after browser update to access a local
iDempiere 2.1 test installation on SSL.
When trying to access
https://myserver:8443/webui/
the browser gave me an error page explaining
"Error code: ssl_error_weak_server_ephemeral_dh_key".
Some searching found an explanation here
https://support.mozilla.org/de/questions/1065417
and a solution here
https://forums.openclinica.com/discussion/15696/firefox-39-new-ssl-cipher-security-setting-error-tomcat-6-fix
I applied the proposed fix to the file
plugins/org.adempiere.tomcat.config_2.1.0/META-INF/tomcat/server.xml
adding the line
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"
to the section starting with
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
and after restart of iDempiere my browser is happy again.
HTH someone
Kind Regards,
Dirk Niemeyer
Nicolas Micoud
Aug 4, 2015, 2:53:04 PM8/4/15
to iDempiere
Hi Dirk,
I think you find a better solution to my problem described here : https://groups.google.com/d/msg/idempiere/IhD39BMKGAk/GIB4Jk-58okJ
Not tested yet, but perhaps it should be included in trunk ?
WDYT ?
Regards
Nicolas
I think you find a better solution to my problem described here : https://groups.google.com/d/msg/idempiere/IhD39BMKGAk/GIB4Jk-58okJ
Not tested yet, but perhaps it should be included in trunk ?
WDYT ?
Regards
Nicolas
Dirk Niemeyer
Aug 5, 2015, 6:46:18 AM8/5/15
to idem...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages