LogJam CVE-2015-4000 Issue

Overview

The following error occurs when accessing SRM Profiler Web Console through HTTPS:

An error occurred during a connection to SRM Profile server. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key).

This issue is common with the SRM Profiler when the Tomcat server configuration has an HTTPS connector.

Environment

All SRM versions

Cause

There are weak ciphers on the HTTPS Tomcat connector or Tomcat configuration.

Resolution

Complete the following steps to resolve the issue:

1. Stop the SolarWinds Storage Manager Web Services.

2. Go to /conf/.

3. Open the server.xml file and remove the following cipher suites from the ciphers XML attribute under:

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

As an example,

Before editing:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" URIEncoding="UTF-8" disableUploadTimeout="true" connectionTimeout="20000" acceptCount="100" redirectPort="8443" enableLookups="false" maxSpareThreads="75" minSpareThreads="25" keystoreFile="webapps/ROOT/bin/jswis-keystore" keystorePass="solarwinds" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" maxHttpHeaderSize="8192" ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"/>

After editing:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" URIEncoding="UTF-8" disableUploadTimeout="true" connectionTimeout="20000" acceptCount="100" redirectPort="8443" enableLookups="false" maxSpareThreads="75" minSpareThreads="25" keystoreFile="webapps/ROOT/bin/jswis-keystore" keystorePass="solarwinds" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" maxHttpHeaderSize="8192" ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"/>

4. Start the SolarWinds Storage Manager Web Services.
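
To check the edit from step 3, the following added example (not SolarWinds code) parses a server.xml, finds each HTTPS connector with a ciphers attribute, and reports which of the two listed suites are still present along with the resulting ciphers value. The sample document and the audit and split_ciphers names are constructed for illustration; as a step beyond the article, it also lists any other DHE suites left on the connector for review.

```python
import xml.etree.ElementTree as ET

# The two suites the resolution says to remove.
REMOVE = {
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
}

# Constructed sample: a minimal server.xml wrapping a shortened form of the
# article's "before" connector (unrelated attributes omitted).
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
    sslProtocol="TLS"
    ciphers="SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"/>
</Service></Server>"""


def split_ciphers(value):
    """Split a Tomcat ciphers attribute into suite names, tolerating spaces."""
    return [s.strip() for s in value.split(",") if s.strip()]


def audit(server_xml):
    """Return one finding per HTTPS connector that sets a ciphers attribute."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true" or "ciphers" not in conn.attrib:
            continue  # plain HTTP connector, or JVM default cipher list in use
        suites = split_ciphers(conn.get("ciphers"))
        kept = [s for s in suites if s not in REMOVE]
        findings.append({
            "port": conn.get("port"),
            "to_remove": [s for s in suites if s in REMOVE],
            "new_ciphers": ",".join(kept),
            # Beyond the article: other ephemeral-DH suites still listed.
            "other_dhe": [s for s in kept if "_DHE_" in s],
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("port", f["port"], "remove:", f["to_remove"] or "nothing")
        print('  ciphers="%s"' % f["new_ciphers"])
        print("  other DHE suites to review:", f["other_dhe"] or "none")
```

An empty to_remove list for every connector means the edit from step 3 is in place; run it against the real file by passing its contents to audit().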

Last modified
13:21, 13 Nov 2015
