1

I got a CA cert by submitting my CSR from GoDaddy, after applying a certificate to my Tomcat web server. When I access my website using Chrome or Mozilla I face the error:

ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

I invoked the following command for the CSR generation process:

 keytool -genkey -alias mydomain -keyalg RSA -keystore mydomain.jks -keysize 2048 -sigalg SHA256withRSA
 keytool -certreq -alias mydomain -sigalg SHA256withRSA -keystore mydomain.jks -file mydomain.csr

How can I solve this?

S.L. Barth
Muhammad
  • Related question: SecSE: [Does the recommended course of action for preventing Logjam on Tomcat servers really eliminate all risks of weak DH keys?](https://security.stackexchange.com/questions/89761/does-the-recommended-course-of-action-for-preventing-logjam-on-tomcat-servers-re) – StackzOfZtuff Sep 17 '15 at 10:56

2 Answers

2

That warning is caused by the size of the group used for ephemeral Diffie-Hellman key exchange being too small. So small that the symmetric keys can be extracted by academics.

The certificate does not affect the size of the group used for DHE. The configuration of the web server does.

Currently the recommendation is that the group size in bits should be as large as the RSA key for the certificate, usually 2048 bits, and in any case no smaller than 1024 bits. Also, you must generate your own group, not use a predefined one, or else 1024 bits is not enough.

Make sure your server does not support intentionally weak "export" crypto - that means 512 bits.

Use the Qualys tool to check the server configuration.

Java docs.

Z.T.
  • Java/JSSE doesn't support generating your own parameters, although JDK8 does allow you to control the *size* chosen from a hardcoded set, as per your link. – dave_thompson_085 Dec 06 '15 at 01:07
2

The simplest fix is to upgrade your Java version to Java 8, as Java 7 reached its EOL (end of life) in April 2015.
Also, if it does not work and you have JDK 1.8, setting the system property -Djdk.tls.ephemeralDHKeySize=2048 is recommended to ensure a stronger key size in the handshake. Refer to the Java 8 docs.

Edit: Here is a list of the strong ciphers you may need in your Tomcat server.xml inside your HTTPS connectors:

ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"

Edit 2

Do check your JAVA_HOME path variable; it may be pointing to an older version of Java, i.e. less than JDK 1.7.

I was facing the same problem, as my JAVA_HOME was pointing to jdk1.6, so correcting the JAVA_HOME fixed this.

Mohsin Khan
  • This (all) assumes Tomcat using JSSE (HttpProtocol or HttpNioProtocol) not APR. That cipher list does not include any DHE key exchange, so it doesn't matter whether good DHE parameters are forced or even available, and thus works on JDK7 as well, assuming the client(s) accept at least one of ECDHE_RSA (with an implemented curve) or plain RSA, which most browsers should and current Chrome and Firefox definitely do. – dave_thompson_085 Dec 06 '15 at 01:03
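
An added example (not from either answer or from Tomcat itself): a small Python check that reads the `ciphers` attribute of each TLS connector in a server.xml and flags the suites this thread is about, namely export-grade suites and DHE suites when `jdk.tls.ephemeralDHKeySize` is not set to at least 2048. The sample server.xml, its ports and the function names `key_exchange` and `audit` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the page); ports are arbitrary.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA"/>
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
    ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"/>
  <Connector port="8080" protocol="HTTP/1.1"/>
</Service></Server>
"""

def key_exchange(suite):
    """Classify a JSSE cipher suite name by its key-exchange part."""
    m = re.match(r"(?:TLS|SSL)_(.+?)_WITH_", suite)
    if not m:
        return "unknown"
    kx = m.group(1)
    if "EXPORT" in kx:
        return "export"
    if kx.startswith("ECDHE"):
        return "ecdhe"
    if kx.startswith(("DHE", "DH_anon")):
        return "dhe"
    return "rsa" if kx == "RSA" else "other"

def audit(server_xml, dh_key_size=None):
    """Return {port: [findings]} for TLS connectors. dh_key_size is the integer
    given as -Djdk.tls.ephemeralDHKeySize, or None when the property is unset."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no TLS settings to check
        out = []
        ciphers = conn.get("ciphers")
        if ciphers is None:
            out.append("no ciphers attribute: JVM default suites apply")
        for suite in filter(None, (s.strip() for s in (ciphers or "").split(","))):
            kx = key_exchange(suite)
            if kx == "export":
                out.append(f"{suite}: export-grade suite")
            elif kx == "dhe" and (dh_key_size is None or dh_key_size < 2048):
                out.append(f"{suite}: DHE without a 2048-bit group size set")
        findings[conn.get("port")] = out
    return findings
```

Calling `audit(SAMPLE_SERVER_XML)` returns no findings for the connector whose list contains only ECDHE and plain RSA suites, which matches the comment above that such a list never exercises the DHE parameters.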