Submit a ticketCall us

Systems Monitoring for Dummies
Our new eBook will teach you the fundamentals and help you create monitors and alerts that are effective, meaningful, and actionable. Monitoring is more than a checkbox on your to-do list. This free eBook will give you practical advice to help you succeed in all aspects of monitoring – discovery, alerting, remediation, and troubleshooting. Don’t miss out on this indispensable resource for newbies, experienced IT pros, and everyone in between. Register Now.

Home > Success Center > Storage Resource Monitor (SRM) > LogJam CVE-2015-4000 Issue

LogJam CVE-2015-4000 Issue

Overview

The following error occurs when accessing SRM Profiler Web Console through HTTPS:

An error occurred during a connection to SRM Profile server. SSL. received a weak ephemeral Diffie-Helman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key).

This issue is common with the SRM Profiler when the Tomcat server configuration has HTTPS connector.

Environment

All SRM versions

Cause

There are weak ciphers on the HTTPS Tomcat connector or Tomcat configuration.

Resolution

Do the following steps to resolve the issue:

1. Stop the Solarwinds Storage Manager Web Services.

2. Go to /conf/.

3. Open and edit the server.xml file to remove the following cipher suites from the xml attribute ciphers tag under:

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

As an example,

Before editing:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" URIEncoding="UTF-8" disableUploadTimeout="true" connectionTimeout="20000" acceptCount="100" redirectPort="8443" enableLookups="false" maxSpareThreads="75" minSpareThreads="25" keystoreFile="webapps/ROOT/bin/jswis-keystore" keystorePass="solarwinds" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" maxHttpHeaderSize="8192" ciphers=="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"/>

After editing:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" URIEncoding="UTF-8" disableUploadTimeout="true" connectionTimeout="20000" acceptCount="100" redirectPort="8443" enableLookups="false" maxSpareThreads="75" minSpareThreads="25" keystoreFile="webapps/ROOT/bin/jswis-keystore" keystorePass="solarwinds" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" maxHttpHeaderSize="8192" ciphers=="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"/>

4. Start the SolarWinds Storage Manager Web Services.

Last modified

Tags

Classifications

Public