|Applies To||RSA Product Set: Identity Management and Governance|
RSA Version/Condition: 6.0.1, 6.0.2
|Issue||When attempting to access the RSA Aveksa IMG console using the latest version of Chrome (Version 45.0.2454.85 or later) the following error message is generated:|
Server has a weak ephemeral Diffie-Hellman public key
When attempting to access the RSA Aveksa IMG console using the latest version of Firefox (Version 40.0.3 or later) the following error message is generated:
Secure Connection Failed
An error occurred during a connection to <server name>. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
|Cause||This issue occurs because these versions of the Aveksa server allow SSL negotiation with a lower-security Diffie-Hellman public key, which is known to be insecure.|
|Resolution||Aveksa 6.0.1 and 6.0.2 have reached end of service life and are no longer supported. Please upgrade to a supported version. No current version of Aveksa has this issue.|
|Workaround||Use an alternate browser, such as the current version of Internet Explorer (as of September 2015), which does not have this issue.|
There are also several publicly available workarounds that will allow Chrome or Firefox to connect in an insecure manner. These workarounds cannot be recommended as they decrease the overall security of the web browsers when visiting other sites.
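
To confirm the condition described under Cause from the server side, the shell function below reads `openssl s_client` output and reports the size of the ephemeral Diffie-Hellman key the server offered. It is an added example, not RSA's code; the `check_dh_temp_key` name, the 1024-bit floor and the sample outputs are assumptions constructed for illustration.

```shell
# Added example: classify the "Server Temp Key" line of `openssl s_client` output.
# Capture real output with (HOST and PORT are placeholders):
#   openssl s_client -connect HOST:PORT -cipher 'EDH' </dev/null 2>/dev/null
# MIN_DH_BITS is an assumed policy floor, not a value stated in the article.
MIN_DH_BITS="${MIN_DH_BITS:-1024}"

# Constructed sample outputs (not captured from an Aveksa server).
SAMPLE_WEAK='CONNECTED(00000003)
---
Server Temp Key: DH, 768 bits
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA'
SAMPLE_OK='CONNECTED(00000003)
---
Server Temp Key: DH, 2048 bits
---'
SAMPLE_ECDHE='CONNECTED(00000003)
---
Server Temp Key: ECDH, P-256, 256 bits
---'

# Prints "WEAK <bits>", "OK <bits>", "NOT_DHE <detail>" or "UNKNOWN".
# Returns 1 for WEAK, 2 for UNKNOWN, 0 otherwise.
check_dh_temp_key() {
    line=$(printf '%s\n' "$1" | sed -n '/^Server Temp Key:/{p;q;}')
    if [ -z "$line" ]; then
        # No ephemeral key reported: handshake failed, static key exchange, or old OpenSSL.
        echo "UNKNOWN"; return 2
    fi
    detail=${line#Server Temp Key: }
    case "$detail" in
        "DH, "*) ;;                            # finite-field DHE: size check applies
        *) echo "NOT_DHE $detail"; return 0 ;; # e.g. ECDHE, not the issue described here
    esac
    bits=${detail#DH, }
    bits=${bits%% *}
    case "$bits" in
        ''|*[!0-9]*) echo "UNKNOWN"; return 2 ;;
    esac
    if [ "$bits" -lt "$MIN_DH_BITS" ]; then
        echo "WEAK $bits"; return 1
    fi
    echo "OK $bits"
}

for sample in "$SAMPLE_WEAK" "$SAMPLE_OK" "$SAMPLE_ECDHE"; do
    check_dh_temp_key "$sample" || true
done
```

A `WEAK` result after an upgrade means the server is still offering the small group and the browser errors above will persist.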