Operational Defect Database
BugZero found this defect 3237 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA10H000000g3F7SAI
Firefox 39 and Chrome 45 or later block access to SSL device Admin UI because of weak Diffie-Hellman key
Last update date:
9/2/2015
Affected products:
No affected products provided.
Affected releases:
Any/Unknown
Fixed releases:
All
Description:
Issue
If you use Firefox 39 or later to connect to the Admin UI on your WatchGuard SSL appliance, the browser will block access to the page with an error message that looks like this: Secure Connection FailedAn error occurred during a connection to ssl1560.example.net:8443. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.Please contact the website owners to inform them of this problem.If you use Chrome 45 or later to connect to the Admin UI on your WatchGuard SSL appliance, the browser will block access to the page with an error message that looks like this: Server has a weak ephemeral Diffie-Hellman public key ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY This error can occur when connecting to a secure (HTTPS) server. It mean that the server is trying to set up a secure connection but, due to a disastrous misconfiguration, the connection wouldn’t be secure at all! In this case the server needs to be fixed. Google Chrome won’t use insecure connections in order to protect your privacy.
Workaround/Solution
Use a different browser to access the SSL appliance Admin UI.Note: To mitigate the risks caused by a less secure handshake in the Admin UI, WatchGuard recommends that you do not allow external internet hosts to access the page without first connecting to your SSL Application Portal.
