Can’t access Weblogic Console | ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

When accessing the WebLogic Console for OEM Cloud Control using Chrome, I received the following error.

I knew nothing had changed; no new patches were applied. So what happened?

 

After some Google searching, I found out that the latest version of Google Chrome, 45, no longer accepts weak ciphers. Any website that uses outdated security code will not open in Chrome anymore.

 

The DHE_EXPORT cipher, which is used by WebLogic, is vulnerable to the Logjam attack.

In My Oracle Support Doc ID 2054204.1, Oracle acknowledges this as a bug and is currently working on a patch.

Workaround for Chrome is to pass in the following parameters to Chrome.exe:

 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0033,0x0039

Right-click the Chrome shortcut (wherever you have it), go to the "Shortcut" tab, and type the parameter into the Target field. After this, close all Chrome windows and restart the Chrome browser.

Here are the workarounds for other browsers, as mentioned in MOS ID 2054204.1:

a. Internet Explorer:
==============
    1. Increase key strength of WLS certificates to 1024 bits:
       << Note 1510058.1>> – Regenerating OEM-WLS Demo Identity Certificate with 1024 bit Keystrength
    2. Access WLS Console in Internet Explorer

b. Firefox:
=======
    1. Increase key strength of WLS certificates to 1024 bits:
       << Note 1510058.1>> – Regenerating OEM-WLS Demo Identity Certificate with 1024 bit Keystrength
    2. Open Firefox browser and type ‘about:config’ in URL field
    3. Search for ‘security.ssl3.dhe_rsa_aes_128_sha’ and ‘security.ssl3.dhe_rsa_aes_256_sha’
    4. Double click (Toggle) on ‘security.ssl3.dhe_rsa_aes_128_sha’ and ‘security.ssl3.dhe_rsa_aes_256_sha’ so that their value gets changed to ‘false’
    5. Close Firefox and open a new Firefox window
    6. Access OEM Weblogic Admin Server Console

 

For up-to-date information, please see MOS.

 

Update 10/29/2015:
Oracle has posted a WebLogic patch for this issue.
WLS Patch 21827340 is available to address this issue.
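
One way to check whether a server still offers an undersized ephemeral DH group, before and after applying the patch, is to read the prime length out of the TLS ServerKeyExchange message. The Python below is an added example, not from the original post or from Oracle; the function names, the constructed sample messages, and the 1024-bit threshold (the minimum DH size Chrome 45 accepts) are assumptions, and the suite names are the IANA names for the two IDs in the Chrome workaround.

```python
import struct

# The two IDs from the --cipher-suite-blacklist workaround, with their IANA names.
DHE_SUITES = {
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
}
MIN_DH_BITS = 1024  # assumption: smallest DH group Chrome 45 still accepts

def _read_vec16(buf, off):
    """Read one TLS vector: 2-byte big-endian length, then that many bytes."""
    if off + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + n
    if n == 0 or end > len(buf):
        raise ValueError("bad vector length")
    return buf[off + 2:end], end

def dh_prime_bits(handshake):
    """Return the bit length of dh_p in a DHE ServerKeyExchange message."""
    if len(handshake) < 4 or handshake[0] != 12:  # 12 = server_key_exchange
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    p, off = _read_vec16(body, 0)      # dh_p: the group prime
    _g, off = _read_vec16(body, off)   # dh_g: the generator
    _ys, off = _read_vec16(body, off)  # dh_Ys: server public value
    return int.from_bytes(p, "big").bit_length()  # trailing signature is ignored

def assess(suite_id, handshake):
    """Classify the negotiated suite and its ServerKeyExchange."""
    if suite_id not in DHE_SUITES:
        return "not-dhe"
    return "weak" if dh_prime_bits(handshake) < MIN_DH_BITS else "ok"

def make_ske(bits):
    """Constructed sample: ServerKeyExchange with a dummy (non-prime) dh_p."""
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    fields = (p, b"\x02", b"\x01" * (bits // 8))
    body = b"".join(struct.pack(">H", len(f)) + f for f in fields)
    body += b"\x00\x02\xaa\xbb"  # dummy signature bytes
    return b"\x0c" + len(body).to_bytes(3, "big") + body
```

In practice the handshake bytes would come from a packet capture of a connection to the console port, with the TLS record header already stripped.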
