LogJam CVE-2015-4000 Issue

Overview

The following error occurs when accessing SRM Profiler Web Console through HTTPS:

An error occurred during a connection to SRM Profile server. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key).

This issue is common with the SRM Profiler when the Tomcat server configuration has an HTTPS connector.

Environment

All SRM versions

Cause

There are weak ciphers on the HTTPS Tomcat connector or Tomcat configuration.

Resolution

Do the following steps to resolve the issue:

1. Stop the SolarWinds Storage Manager Web Services.

2. Go to /conf/.

3. Open the server.xml file and remove the following cipher suites from the ciphers XML attribute under:

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

As an example,

Before editing:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" URIEncoding="UTF-8" disableUploadTimeout="true" connectionTimeout="20000" acceptCount="100" redirectPort="8443" enableLookups="false" maxSpareThreads="75" minSpareThreads="25" keystoreFile="webapps/ROOT/bin/jswis-keystore" keystorePass="solarwinds" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" maxHttpHeaderSize="8192" ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"/>

After editing:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" URIEncoding="UTF-8" disableUploadTimeout="true" connectionTimeout="20000" acceptCount="100" redirectPort="8443" enableLookups="false" maxSpareThreads="75" minSpareThreads="25" keystoreFile="webapps/ROOT/bin/jswis-keystore" keystorePass="solarwinds" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" maxHttpHeaderSize="8192" ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"/>

4. Start the SolarWinds Storage Manager Web Services.
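
The following check is an added example, not SolarWinds code: it parses a server.xml, reports which of the two suites named in step 3 are still on each SSL-enabled connector, and builds the ciphers value that remains after removing them. The sample XML is constructed from the "Before editing" connector above, the function and field names are illustrative, and any other suite with _DHE_ in its name is only listed for review because it also uses ephemeral Diffie-Hellman.

```python
import xml.etree.ElementTree as ET

# Suites the article says to remove from the ciphers attribute.
ARTICLE_REMOVE = {
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
}

# Constructed sample: a trimmed server.xml using the article's "before" cipher list.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
      ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"/>
  </Service>
</Server>"""


def audit_connectors(server_xml):
    """Return one finding per SSL-enabled <Connector> in the given server.xml text."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # plain HTTP connector, nothing to audit
        raw = conn.get("ciphers")
        if raw is None:
            # No explicit list: the JVM defaults apply, which this check cannot see.
            findings.append({"port": conn.get("port"), "ciphers_set": False})
            continue
        suites = [s.strip() for s in raw.split(",") if s.strip()]
        kept = [s for s in suites if s not in ARTICLE_REMOVE]
        findings.append({
            "port": conn.get("port"),
            "ciphers_set": True,
            "to_remove": [s for s in suites if s in ARTICLE_REMOVE],
            # Other *_DHE_* suites also use ephemeral Diffie-Hellman; list for review.
            "other_dhe": [s for s in kept if "_DHE_" in s],
            "new_ciphers": ",".join(kept),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

An empty to_remove list on every SSL-enabled connector means step 3 has already been applied to that file.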

Last modified
13:21, 13 Nov 2015

Classifications

Public