OAM, X509, SSL Issue : SSL server probably obsolete or SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message

Error Cause : As weblogic deployed oam_server1’s SSL is below SSL 3.0 standard, so the new browsers(recognize SSL 3.0 onwards) will throw below error :

9

Solution :

  1. Login to admin console, click on oam_server1 => SSL => Advanced

10

11

 2. Select the Use JSSE SSL

12

Restart AdminServer and oam_server1 and verify the SSL is now 3.0

If Still issue continues with error :

Error Cause :SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message

Solution :

Add green selected ciphersuites in config.xml

cd /d01/Weblogic/FMW/user_projects/domains/OAMDomain/config

vi config.xml

<ssl>

<name>oam_server1</name>

<enabled>true</enabled>

        <ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>

      <ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>

      <ciphersuite>SSL_RSA_WITH_RC4_128_MD5</ciphersuite>

      <ciphersuite>SSL_RSA_WITH_RC4_128_SHA</ciphersuite>

      <ciphersuite>SSL_RSA_WITH_3DES_EDE_CBC_SHA</ciphersuite>

      <ciphersuite>SSL_RSA_WITH_DES_CBC_SHA</ciphersuite>

      <ciphersuite>TLS_RSA_WITH_AES_128_CBC_SHA</ciphersuite>

Restart AdminServer and oam_server1.

January 19, 2016

0 responses on "OAM, X509, SSL Issue : SSL server probably obsolete or SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message"

Leave a Message