Weak Ephemeral Diffie-Hellman Key
Recently, some web browsers have updated their list of supported cipher algorithms which are used to ensure secure communication between the browser and web server. Due to this update, new browser versions may lose the ability to login to the Control System and other web interfaces since the ciphers supported by the web browser do not match the ciphers supported by the web servers.
Affected Versions
- MapR - Versions 3.x, 4.x, and 5.0
- Browsers - Latest versions such as Chrome 45 and Firefox 39
Symptoms
Users might see the following error messages if they encounter the issue:
Browser | Error Message |
---|---|
Firefox |
An error occurred during a connection to <ip>:<port>. SSL
received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake
message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
|
Chrome | Server has a weak ephemeral Dillie-Heffman public key or
ERR_SSL_WEAK_EPHEMERAL_DH_KEY |
How to Fix the Issue
Based on the Cluster version that you have, perform one of
the following options to fix the issue:
Version | Option(s) |
---|---|
4.x and 5.0 |
Apply the latest patch on every node in the cluster. -or- Edit the core-site.xml file on each node with a service that runs a web server. |
3.x | Edit the core-site.xml file on each node with a service that runs a web server. |