Symptoms or Error
Launching the Command Center management website fails with the following error message on a few browsers (Firefox/Chrome): SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
Solution
Complete the following steps to configure/remove weak ciphers:
1. Stop the Citrix Command Center service.
2. Back up the following files - "/apache/tomcat/conf/backup/server.xml" and "/conf/transportProvider.conf".
3. Edit the file server.xml and set only the required ciphers, separated by commas, in the ciphers line.
   For example: ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA".
4. Configure the same ciphers in transportProvider.conf where it is tagged with SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA.
5. Start the Citrix Command Center service.
To remove these ciphers from a Command Center HA pair:
- Stop the Command Center service on the secondary node and then stop the Command Center service on the primary node.
- Remove these ciphers from the following files on both the primary and secondary nodes:
  - <CC_Home>/apache/tomcat/conf/backup/server.xml
  - <CC_Home>/conf/transportProvider.conf
- Start the Command Center service on the primary node and then start the Command Center service on the secondary node.
Problem Cause
This issue is caused by weak ciphers. Nowadays most browsers detect weak ciphers and do not allow SSL connections to go through.
Additional Resources
The following weak ciphers have now been removed from the cipher list:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA and TLS_DHE_RSA_WITH_AES_256_CBC_SHA.
Command Center now supports the following strong ciphers:
TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV
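An added example (not Citrix code): a Python check to run against copies of server.xml and transportProvider.conf after the edit described under Solution. It flags any cipher this article lists as removed or does not list as supported, and confirms that both files name the same suites. The sample file contents are constructed, and the `ciphers=` key shown for transportProvider.conf is an assumption; the check relies only on suite names appearing in that file as text.

```python
import re
import xml.etree.ElementTree as ET

# Cipher lists copied from this article.
REMOVED = {"TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"}
SUPPORTED = {
    "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}
SUITE_NAME = re.compile(r"\b(?:TLS|SSL)_[A-Z0-9_]+\b")

# Constructed sample inputs; the conf key name is hypothetical.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
     ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA"/>
</Service></Server>"""
SAMPLE_CONF = "ciphers=SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA\n"

def connector_ciphers(server_xml):
    """Return {port: [suites]} for every <Connector> that sets ciphers=."""
    root = ET.fromstring(server_xml)
    return {
        c.get("port", "?"): [s.strip() for s in c.get("ciphers").split(",") if s.strip()]
        for c in root.iter("Connector") if c.get("ciphers")
    }

def audit(server_xml, transport_conf):
    """Return a list of findings; an empty list means both files match the article."""
    conf_suites = set(SUITE_NAME.findall(transport_conf))
    connectors = connector_ciphers(server_xml)
    findings = []
    if not connectors:
        findings.append("server.xml: no Connector sets ciphers=")
    for port, suites in connectors.items():
        for s in suites:
            if s in REMOVED:
                findings.append(f"server.xml port {port}: removed cipher {s}")
            elif s not in SUPPORTED:
                findings.append(f"server.xml port {port}: unlisted cipher {s}")
        if set(suites) != conf_suites:
            diff = sorted(set(suites) ^ conf_suites)
            findings.append(f"port {port}: differs from transportProvider.conf: {diff}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SERVER_XML, SAMPLE_CONF)) or "OK")
```

To check a real installation, pass the text of the two backed-up files to `audit()` in place of the samples.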
More information:
http://docs.citrix.com/en-us/command-center/5-2/cc-faq-wrapper-50-con.html