Hi
We are using Cent OS 6.4 and when we access our web site some browsers having following error. If you ll having any solution please help. Urgent.
Server has a weak ephemeral Diffie-Hellman public key
ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY
Thanks
Chamikara
Diffie-Hellman public key
Re: Diffie-Hellman public key
I have moved your post to the CentOS 6 General Support forum as the CentOS 5 forums are not the correct place to post questions about CentOS 6.
Your first step is to update ASAP from the old, unsupported and vulnerable 6.4 to the current version which is 6.7. Run yum update
Your first step is to update ASAP from the old, unsupported and vulnerable 6.4 to the current version which is 6.7. Run yum update
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Diffie-Hellman public key
I'm assuming you're using Google's chromium browser...
Google deprecated a whole bunch of ciphers recently (and I think the other browsers will follow suit). You need to stop offering DH and offer something better like ECDHE or RSA. The way you do this depends on the web server software you're using (i.e.: Apache HTTP or Nginx for example).
See https://support.google.com/chrome/answe ... rd=1#DHkey
Google deprecated a whole bunch of ciphers recently (and I think the other browsers will follow suit). You need to stop offering DH and offer something better like ECDHE or RSA. The way you do this depends on the web server software you're using (i.e.: Apache HTTP or Nginx for example).
See https://support.google.com/chrome/answe ... rd=1#DHkey
Re: Diffie-Hellman public key
hi
Thanks but I try it dosn't work
Thanks but I try it dosn't work
Re: Diffie-Hellman public key
Hi
Thanks for your advice's
After update server its work but i can not start httpd for other applications
service httpd start
Starting httpd: [Tue Oct 06 10:30:13 2015] [warn] module ssl_module is already loaded, skipping
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[Tue Oct 06 10:30:13 2015] [warn] _default_ VirtualHost overlap on port 80, the first has precedence
(98)Address already in use: make_sock: could not bind to address [::]:443
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
Unable to open logs
Thanks
Chamikara
Thanks for your advice's
After update server its work but i can not start httpd for other applications
service httpd start
Starting httpd: [Tue Oct 06 10:30:13 2015] [warn] module ssl_module is already loaded, skipping
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[Tue Oct 06 10:30:13 2015] [warn] _default_ VirtualHost overlap on port 80, the first has precedence
(98)Address already in use: make_sock: could not bind to address [::]:443
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
Unable to open logs
Thanks
Chamikara
Re: Diffie-Hellman public key
Please don't triple post.