Array Setup and Networking
1839267 Members
3039 Online
110137 Solutions
New Discussion

Re: ssl_error_weak_server_ephemeral_dh_key

 
SOLVED
Go to solution
mwhite126
Occasional Advisor

ssl_error_weak_server_ephemeral_dh_key

I can no longer connect to my Nimble system via FireFox.  I see reference to to this in InfoSight, but not a fix or work around other than using Internet explorer.   Is there anyway to update the SSL cert used by my Nimble system?

Thanks in advance.

11 REPLIES 11
Nick_Dyer
Honored Contributor

Re: ssl_error_weak_server_ephemeral_dh_key

Hello Mats. What NimbleOS firmware are you on? I believe there was a fix implemented specifically for Firefox & Chrome browsers in NimbleOS 2.2.8.0 (it's detailed in the notifications section of Infosight).

Nick Dyer
twitter: @nick_dyer_
mwhite126
Occasional Advisor

Re: ssl_error_weak_server_ephemeral_dh_key

We’re on 2.2.5. 2.2.5.0-197583-opt

I’ll see if I can update it. t 2.2.5.0-197583-op

TowedJumper
Occasional Collector

Re: ssl_error_weak_server_ephemeral_dh_key

Mats, I am on 2.1.4 and have the same problem.  I think they were coming out with a fix AFTER 2.2.8.  I foolishly cleared the notice in infosight and now I can't find it but I believe that's what the notice said.

Nick_Dyer
Honored Contributor
Solution

Re: ssl_error_weak_server_ephemeral_dh_key

All cleared alerts/bulletins are available  to see in Infosight->Help->Bulletins.

I believe what the OP is referring to is EXT-009, detailing issues with NSS within Firefox & Chrome (no issue for Internet Explorer). The fixes are implemented in 2.2.8.0 or 2.2.3.0.

Nick Dyer
twitter: @nick_dyer_
mwhite126
Occasional Advisor

Re: ssl_error_weak_server_ephemeral_dh_key

Our system is running 2.2.5.0 so the fix must be in 2.2.8.0.    I have it downloaded

I'm trying to find update procedures on the Nimble site.  I know I can just click the 'update' button after downloading it, but I need to know if I should take any precautions.

Nick_Dyer
Honored Contributor

Re: ssl_error_weak_server_ephemeral_dh_key

As long as you have Nimble Connection Manager for VMware/Windows installed and your MPIO settings are correct for any other services, then there are no other real considerations. I'd recommend running it out-of-hours just to be sure, but there's no need to shut things down.\

The Nimble array will detect any problems on your network between the controllers and will halt the update if it seems potential issues, too.

Nick Dyer
twitter: @nick_dyer_
TowedJumper
Occasional Collector

Re: ssl_error_weak_server_ephemeral_dh_key

I must be doing something wrong.  Under Help, all I have for options are Help and Connect.  Not a problem really, don't want to hijack the thread.

Nick_Dyer
Honored Contributor

Re: ssl_error_weak_server_ephemeral_dh_key

click "Help"

Nick Dyer
twitter: @nick_dyer_
mwhite126
Occasional Advisor

Re: ssl_error_weak_server_ephemeral_dh_key

Thanks.  I should be OK as I haven't integrated VMware yet.    I updated from 2.1 before starting the migrations this spring, but it wasn't mission critical at that point.    I'll install the update later this evening.   Thanks for your help.

-Mats

TowedJumper
Occasional Collector

Re: ssl_error_weak_server_ephemeral_dh_key

Ok, found it under bulletins.  Thanks Nick.  Looking at it though, are we sure its fixed IN 2.2.8.0?

"Nimble OS

Upcoming maintenance releases for Nimble OS 2.2.8.0 and 2.3.3.0 will contain a fix to support these newer browser updates."

https://infosight.nimblestorage.com/InfoSight/#help/bulletins

mwhite126
Occasional Advisor

Re: ssl_error_weak_server_ephemeral_dh_key

Now that I have 2.2.8.0 installed, I'm positive that it's fixed for Firefox.