Hi,
we currently have the problem that FireFox 39 removed the support for SSLv3 which leads to a "ssl_error_weak_server_ephemeral_dh_key" - exception when trying to access our inhouse Confluence 3.4.8 instance with FireFox version 39.
I already tried https://confluence.atlassian.com/x/7QCOK, it doesn't work.
Only workaround on client side is to disable...
security.ssl3.dhe_rsa_aes_128_sha
security.ssl3.dhe_rsa_aes_256_sha
...via about:config.
But this can't be a solution, I need a server side solution, can anybody tell me how I can tell my Windows Server 2003, TomCat 6, Java 1.6 Environment how to disable SSLv3 protocol during handshake?
Changing protocol and setting cipher attributes solved the problem.
<Connector port="8443" maxHttpHeaderSize="8192"
protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="50" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="50" scheme="https" secure="true" clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
URIEncoding="UTF-8" keystorePass="##########" keystoreFile="##########"/>
Hello Mr. Brutscher many thanks for your post. We had the same issue and this fix also solved our problem. Best Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.