SUPPORT / SAMPLES & SAS NOTES
 

Support

Problem Note 56600: Accessing the SAS® Environment Manager web application in certain browsers generates a security warning

DetailsAboutRate It

When you configure the HTTPS protocol for SAS Environment Manager and then access the application through the Mozilla Firefox browser, the browser generates the following security warning:

SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message"

This error occurs when you connect to a secure (HTTPS) server. The error indicates that the server is trying to set up a secure connection, but because of a weak cipher, the client (browser) rejects the attempt. As a result, the connection is not secure.

To resolve this issue, follow these steps:

  1. Edit the server.xml file that resides in the following folder:
    SAS-configuration-directory/Lev1/Web/SASEnvironmentManager/server-5.x.x-EE/hq-engine/hq-server/conf/

    In this path:

    • SAS-configuration-directory  specifies the specific path to your SAS configuration directory (or folder).
    • server-5.x.x refers to the release of SAS Environment Manager (for example, server-5.8.0-EE.
  2. Locate the default connector statement in the file, which should look similar to the following:
    <Connector port="${server.webapp.secure.port}" executor="tomcatThreadPool" maxHttpHeaderSize="8192" emptySessionPath="true" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" keystoreFile="${server.keystore.path}" keystorePass="${server.keystore.password}" truststoreFile="${server.keystore.path}" truststorePass="${server.keystore.password}" ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA" sslProtocol="TLS" URIEncoding="UTF-8"/>
  3. Change the values for the CIPHER= parameter in the statement above to the following:
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA"
  4. Save the file and restart SAS Environment Manager.


Operating System and Release Information

Product FamilyProductSystemSAS Release
ReportedFixed*
SAS SystemSAS Environment ManagerSolaris for x649.4 TS1M39.4 TS1M3
HP-UX IPF9.4 TS1M39.4 TS1M3
Linux for x649.4 TS1M39.4 TS1M3
64-bit Enabled Solaris9.4 TS1M39.4 TS1M3
64-bit Enabled AIX9.4 TS1M39.4 TS1M3
Microsoft® Windows® for x649.4 TS1M39.4 TS1M3
* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.