Firefox 39+ Error code: ssl_error_weak_server_ephemeral_dh_key on ssl connection

[lucast <lu...@hotmail.com>]

Dear Forum,
Since I have upgraded to Firefox 39 I have not been able to run my
application on https since on the browser, I get the following error:



This applies to the embedded jetty server and also the tomcat deployment
server.

Is this something that can be solved via Wicket, perhaps using
SslContextFactory or is it a purely server problem, exclusive of the wicket
application?

Thanks in advance,
Lucas

--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Firefox-39-Error-code-ssl-error-weak-server-ephemeral-dh-key-on-ssl-connection-tp4671661.html
Sent from the Users forum mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Firefox 39+ Error code: ssl_error_weak_server_ephemeral_dh_key on ssl connection

[lucast <lu...@hotmail.com>]

Thank you, niestroj,
I have solved the issue for my apache tomcat server. It was quite
straightforward. I found the solution here:

https://jamfnation.jamfsoftware.com/discussion.html?id=15032

The problem is, as Martin Grigorov pointed, a purely server issue, not a
wicket issue.

I did have a quick look to see if one could tweak the embedded jetty server
to resolve the issue, for when one is unit testing.

I'm afraid I have run out of time and I have to move on to my next task. But
if I can spare  30 minutes, I'll go back to it and hopefully post the
solution for the embedded jetty server here.

Thanks, once more,
Lucas

--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Firefox-39-Error-code-ssl-error-weak-server-ephemeral-dh-key-on-ssl-connection-tp4671661p4671691.html
Sent from the Users forum mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Firefox 39+ Error code: ssl_error_weak_server_ephemeral_dh_key on ssl connection

[niestroj <rn...@go2.pl>]

This is what you need to read about it:  Logjam attack <https://weakdh.org/> 
. You need to disable come cipher suites in your server HTTPS configuration. 

--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Firefox-39-Error-code-ssl-error-weak-server-ephemeral-dh-key-on-ssl-connection-tp4671661p4671679.html
Sent from the Users forum mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Firefox 39+ Error code: ssl_error_weak_server_ephemeral_dh_key on ssl connection

[Martin Grigorov <mg...@apache.org>]

Hi,

Wicket doesn't manage this so it is purely Jetty/Tomcat config issue.

Martin Grigorov
Freelancer. Available for hire!
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Mon, Jul 27, 2015 at 12:28 PM, lucast <lu...@hotmail.com> wrote:

> Dear Forum,
> Since I have upgraded to Firefox 39 I have not been able to run my
> application on https since on the browser, I get the following error:
>
>
>
> This applies to the embedded jetty server and also the tomcat deployment
> server.
>
> Is this something that can be solved via Wicket, perhaps using
> SslContextFactory or is it a purely server problem, exclusive of the wicket
> application?
>
> Thanks in advance,
> Lucas
>
> --
> View this message in context:
> http://apache-wicket.1842946.n4.nabble.com/Firefox-39-Error-code-ssl-error-weak-server-ephemeral-dh-key-on-ssl-connection-tp4671661.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>