Make NetSight can be browsed with Chrome 45

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Doesn't Need an Answer
  • (Edited)
After Chrome upgrade to version 45, NetSight can not be browsed with the following error message,
ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

I found a way to modify the tomcat's server.xml file,
change cipher parameter from
ciphers="${enterasys.tomcat.ciphers}"
to
ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"

The server.xml file can be found as the following path,
/usr/local/Extreme_Networks/NetSight/jboss/server/default/deploy/jbossweb-tomcat55.sar/server.xml

After enable "ECDHE" in  ciphers and reboot NetSight server, 
NetSigtht can be browsed with Chrome finally~


Reference URL:
https://jamfnation.jamfsoftware.com/article.html?id=384
Photo of Shunze Lee

Shunze Lee

  • 732 Points 500 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Drew C.

Drew C., Community Manager

  • 39,442 Points 20k badge 2x thumb
Thanks for sharing!
Photo of Shunze Lee

Shunze Lee

  • 732 Points 500 badge 2x thumb