Forum Discussion

Nimbostratus

Sep 23, 2015

ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY SSL error with Chrome 45

Hi, The new Chrome browser version V45 seems to block access to ssl-sites using a public key smaller than 1024 bits. We offload the SSL for our websites to our LTM (V11.5.3) using a client SSL P...

application delivery

LTM

Brad_Parker

Cirrus

Sep 23, 2015

Are you sure of your cipher string and LTM version? That error is related to DHE ciphers. Your version and cipher string should not be using any DHE ciphers, https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13156.html. The link state DEFAULT doesn't contain DHE.

ITOPSNetwTeam_6

Nimbostratus

Sep 24, 2015

Here's the output : tmm --clientciphers 'DEFAULT:!ADH:!EXPORT40:!EXP:!LOW:!SSLv3:!RC4' ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA 1: 53 AES256-SHA 256 TLS1 Native AES SHA RSA 2: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA 3: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA 4: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA 5: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA 6: 47 AES128-SHA 128 TLS1 Native AES SHA RSA 7: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA 8: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA 9: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA 10: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA 11: 10 DES-CBC3-SHA 192 TLS1.1 Native DES SHA RSA 12: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA 13: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA 14: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA 15: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA 16: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA 17: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA 18: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA 19: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA 20: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA 21: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA 22: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA 23: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_RSA 24: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_RSA

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)