Avaya IP Office: Web Manager/One-X Portal Error – Server has a weak, ephemeral Diffie-Hellman public key

Affected Version(s):

IP Office R9.0 and R9.1 (but may affect earlier versions)
Google Chrome version 45 (but may affect earlier versions at a later stage)

Problem Details:

Users are unable to access Web Manager and/or One-X Portal due to the following error:

Server has a weak, ephemeral Diffie-Hellman public key

This error can occur when connecting to a secure (HTTPS) server. It means that the server is trying to set up a secure connection but, due to a disastrous misconfiguration, the connection wouldn’t be secure at all!

In this case, the server needs to be fixed. Google Chrome won’t use insecure connections in order to protect your privacy.

Chrome Error

Cause:

As of Chrome version 45, this error message is triggered if the SSL/TLS handshake attempts to use a public key, smaller than 1024 bits, for ephemeral Diffie-Hellman key agreement. This change may be back-ported to earlier Chrome versions.
You may find that the site works in other browsers. This is because other browsers, unknowingly or intentionally, work around the broken servers.  But this doesn’t change the fact that the servers have a glaring security hole and should be fixed.

Solution:

Use Internet Explorer/Firefox or upgrade to R9.1.4 (which contains a fix for this issue).

References

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s