cancel
Showing results for 
Search instead for 
Did you mean: 

Make NetSight can be browsed with Chrome 45

Make NetSight can be browsed with Chrome 45

Shunze_Lee
New Contributor II
After Chrome upgrade to version 45, NetSight can not be browsed with the following error message,
ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

I found a way to modify the tomcat's server.xml file,
change cipher parameter from
ciphers="${enterasys.tomcat.ciphers}"
to
ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"

The server.xml file can be found as the following path,
/usr/local/Extreme_Networks/NetSight/jboss/server/default/deploy/jbossweb-tomcat55.sar/server.xml

After enable "ECDHE" in ciphers and reboot NetSight server,
NetSigtht can be browsed with Chrome finally~

Reference URL:
https://jamfnation.jamfsoftware.com/article.html?id=384
2 REPLIES 2

Shunze_Lee
New Contributor II

Drew_C
Valued Contributor III
Thanks for sharing!
GTM-P2G8KFN