Array Setup and Networking
cancel
Showing results for 
Search instead for 
Did you mean: 

Server has a weak ephemeral Diffie-Hellman public key?

SOLVED
Go to solution
alimohammad136
Occasional Contributor

Server has a weak ephemeral Diffie-Hellman public key?

Hello Experts,

     I was trying to open gui for nimble storage from web browser and its throwing error, i am new to nimble and help would be really appreciated:

Server has a weak ephemeral Diffie-Hellman public key

ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

Thanks,

7 REPLIES
N/A

Re: Server has a weak ephemeral Diffie-Hellman public key?

In the same boat here with Chrome. I would like to use Chrome, however, if there is no solution then I will go back to another browser for accessing Nimble's web interface.

Daniel.S
Occasional Visitor
Solution

Re: Server has a weak ephemeral Diffie-Hellman public key?

Same issue here with both Chrome and Firefox. From memory, the 2.3 release finally allows you to use a proper CA-signed SSL certificate. Not sure if there's a workaround for this issue until 2.3 goes GA. I've just been using Microsoft Edge in the meantime.

alimohammad136
Occasional Contributor

Re: Server has a weak ephemeral Diffie-Hellman public key?

I just tried on Internet Explorer and it worked.

Daniel.S
Occasional Visitor

Re: Server has a weak ephemeral Diffie-Hellman public key?

There's another thread on here about it: https://connect.nimblestorage.com/message/4885

According to the reports in that thread, the issue is resolved in 2.2.8.0 and 2.3.3.0

jstear120
Occasional Visitor

Re: Server has a weak ephemeral Diffie-Hellman public key?

I just wanted to confirm that the update to 2.2.8.0 does indeed fix this issue.

alimohammad136
Occasional Contributor

Re: Server has a weak ephemeral Diffie-Hellman public key?

Thanks for update Stear.

Drew.Swan
Occasional Advisor

Re: Server has a weak ephemeral Diffie-Hellman public key?

In firefox you can change this behavior by setting these 2 keys to false in about:config

security.ssl3.dhe_rsa_aes_128_sha

security.ssl3.dhe_rsa_aes_256_sha

This will change it for ALL sites though - up to you to figure out the risk of that.

Drew