Showing posts with label Cloud Control. Show all posts
Showing posts with label Cloud Control. Show all posts

Thursday, September 17, 2015

Can't access Weblogic Console | ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY


When accessing WebLogic Console for OEM Cloud Control using Chrome, I received following error.




I knew nothing has changed, no new patches were applied. So what happened?

After doing some google search, I found out that latest version of Google Chrome 45 is no longer accepting weak cipher.  Any website that uses outdated security code will not open in Chrome anymore.



DHE_EXPORT cipher which is used by Weblogic is valureable for Logjam attack.

In My Oracle Support Doc ID 2054204.1 Oracle acknowledges this as a bug and currently working on a patch.  

Workaround for Chrome is to pass in the following parameters to Chrome.exe:


"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0033,0x0039


Right click the Chrome shortcut (where ever you have it) and go to "Shortcut" tab and in Target field type in the parameter.  After this close all Chrome windows and restart Chrome browser.





Here is the workaround for other browser as mentioned in the MOS ID 2054204.1:



a. Internet Explorer:
==============
    1. Increase key strength of WLS certificates to 1024 bits:
        << Note 1510058.1>> - Regenerating OEM-WLS Demo Identity Certificate with 1024 bit Keystrength
    2. Access WLS Console in Internet Explorer

b. Firefox:
=======
    1. Increase key strength of WLS certificates to 1024 bits:
        << Note 1510058.1>> - Regenerating OEM-WLS Demo Identity Certificate with 1024 bit Keystrength
    2. Open firefox browser and type 'about:config' in URL field
    3. Search for 'security.ssl3.dhe_rsa_aes_128_sha' and 'security.ssl3.dhe_rsa_aes_256_sha'
    4. Double click (Toggle) on 'security.ssl3.dhe_rsa_aes_128_sha' and 'security.ssl3.dhe_rsa_aes_256_sha' so that their value gets changed to 'false'
    5. Close the firefox and open new firefox window
    6. Access OEM Weblogic Admin Server Console



For up to date information, please see MOS.