Firefix update breaks Oscar access

A recent Firefox update (v 38) will block access if certain security settings are not in place.
If you try to login to Oscar and get:
Error code: ssl_error_weak_server_ephemeral_dh_key
then you need to update /etc/tomcat6/server.xml

You should add the ‘ciphers’ section.

<Connector port=”8443″ maxHttpHeaderSize=”8192″
maxThreads=”150″ minSpareThreads=”25″ maxSpareThreads=”75″
enableLookups=”false” disableUploadTimeout=”true”
acceptCount=”100″ scheme=”https” secure=”true” SSLEnabled=”true”
clientAuth=”false” keystoreFile=”/pathto.keystore” sslProtocol=”TLS”
ciphers=”TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA” />

After saving the change, just restart tomcat6.
sudo service tomcat6 restart

This entry was posted in Technical. Bookmark the permalink.