Problem Note 56600: Accessing the SAS® Environment Manager web application in certain browsers generates a security warning
 |  |  |  |
When you configure the HTTPS protocol for SAS Environment Manager and then access the application through the Mozilla Firefox browser, the browser generates the following security warning:
SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message"
This error occurs when you connect to a secure (HTTPS) server. The error indicates that the server is trying to set up a secure connection, but because of a weak cipher, the client (browser) rejects the attempt. As a result, the connection is not secure.
To resolve this issue, follow these steps:
- Edit the server.xml file that resides in the following folder:
SAS-configuration-directory/Lev1/Web/SASEnvironmentManager/server-5.x.x-EE/hq-engine/hq-server/conf/In this path:
- SAS-configuration-directory specifies the specific path to your SAS configuration directory (or folder).
- server-5.x.x refers to the release of SAS Environment Manager (for example, server-5.8.0-EE.
- Locate the default connector statement in the file, which should look similar to the following:
<Connector port="${server.webapp.secure.port}" executor="tomcatThreadPool" maxHttpHeaderSize="8192" emptySessionPath="true" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" keystoreFile="${server.keystore.path}" keystorePass="${server.keystore.password}" truststoreFile="${server.keystore.path}" truststorePass="${server.keystore.password}" ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA" sslProtocol="TLS" URIEncoding="UTF-8"/> - Change the values for the CIPHER= parameter in the statement above to the following:
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA" - Save the file and restart SAS Environment Manager.
Operating System and Release Information
| Product Family | Product | System | SAS Release | |
| Reported | Fixed* | |||
| SAS System | SAS Environment Manager | Solaris for x64 | 9.4 TS1M3 | 9.4 TS1M3 |
| HP-UX IPF | 9.4 TS1M3 | 9.4 TS1M3 | ||
| Linux for x64 | 9.4 TS1M3 | 9.4 TS1M3 | ||
| 64-bit Enabled Solaris | 9.4 TS1M3 | 9.4 TS1M3 | ||
| 64-bit Enabled AIX | 9.4 TS1M3 | 9.4 TS1M3 | ||
| Microsoft® Windows® for x64 | 9.4 TS1M3 | 9.4 TS1M3 | ||
When you access SAS Environment Manager the Mozilla Firefox browser, the following error is generated: "SSL received a weak ephemeral Diffie-Hellamn key in Server Key Exchange handshake"
| Type: | Problem Note |
| Priority: | medium |
| Date Modified: | 2015-09-18 13:24:10 |
| Date Created: | 2015-09-16 11:52:34 |