为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

Avatar for Username

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

话题已存档。 如果需要帮助请提出新问题。

Getting error "ssl_error_weak_server_ephemeral_dh_key" on my website

usmanr
usmanr
more options

I have a live video website and have recently installed SSL certificate on my video servers. I am having video playback issue on Firefox. On other browsers (Chrome, IE), everything is alright.

Example page: https://www.janjua.tv/cnn_livestreaming

While debugging the network, I noticed the video is not being played due to the error "ssl_error_weak_server_ephemeral_dh_key" (Screenshot attached).

I have Wildcard SSL from Comodo, and had generated my CSR using the guide available here: https://www.sslsupportdesk.com/keystore-jks-keytool-csr-generation-ssl-installation-guide/

My video servers are Tomcat/Java so I had to import the entire chaining path of my SSL Certificate in the following order: Root > Intermediate > SSL Certificate (using the guide available here: https://www.sslsupportdesk.com/troubleshooting-advanced-tomcat-x509-failed-to-establish-chain-from-reply/).

I have successfully installed the SSL on my video servers and video is working perfectly on browsers other than Firefox. I'm trying to understand what I'm actually missing during the CSR, Key or installation which caused the error "ssl_error_weak_server_ephemeral_dh_key" on Firefox and prevented the playback.

I have a live video website and have recently installed SSL certificate on my video servers. I am having video playback issue on Firefox. On other browsers (Chrome, IE), everything is alright. Example page: https://www.janjua.tv/cnn_livestreaming While debugging the network, I noticed the video is not being played due to the error "ssl_error_weak_server_ephemeral_dh_key" (Screenshot attached). I have Wildcard SSL from Comodo, and had generated my CSR using the guide available here: https://www.sslsupportdesk.com/keystore-jks-keytool-csr-generation-ssl-installation-guide/ My video servers are Tomcat/Java so I had to import the entire chaining path of my SSL Certificate in the following order: Root > Intermediate > SSL Certificate (using the guide available here: https://www.sslsupportdesk.com/troubleshooting-advanced-tomcat-x509-failed-to-establish-chain-from-reply/). I have successfully installed the SSL on my video servers and video is working perfectly on browsers other than Firefox. I'm trying to understand what I'm actually missing during the CSR, Key or installation which caused the error "ssl_error_weak_server_ephemeral_dh_key" on Firefox and prevented the playback.

所有回复 (3)

usmanr
usmanr 提问者
more options

Image attached.

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 25 Contributor
more options

I think that refers to the Logjam vulnerability. See whether you can find the steps to resolve that issue on that particular host's software. Possibly if you use a diagnostic site they will have the steps.

For example: https://www.ssllabs.com/ssltest/

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 25 Contributor
more options

Yes, it must be Logjam because I disabled these two ciphers in my Firefox (years ago) and this avoids the problem:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste dhe and pause while the list is filtered

(3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch the value from true to false

(4) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch the value from true to false