Skip to main content

Zimbra Admin Error : Diffie-Hellman key in Server Key Exchange handshake message


Ketika Membuka zimbra admin , muncul error seperti dibawah ini :
Secure Connection FailedAn error occurred during a connection to Server Zimbra. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.    Please contact the website owners to inform them of this problem.
ketika saya menggunakan Firefox Ver 42.
Berdasarkan penjelasan dari support Mozilla , ini semacam celah keamanan SSL. saat firefox update aplikasi tersebut meningkatkan keamanan celah Diffie-Hellman

Diffie–Hellman key exchange (D–H) [nb 1] is a specific method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as originally conceptualized by Ralph Merkle.[1][2] D–H is one of the earliest practical examples of public key exchange implemented within the field of cryptography. Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical channel, such as paper key lists transported by a trusted courier. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.

Workaround for Firefox 39 and above:
1) In FireFox, enter "about:config" in the URL field and press enter.
2) Accept the "This might void your warranty!" warning :)
3) In the search field at the top, enter "security.ssl3.dhe_rsa_aes"
4) Double click each result (128 and 256) to toggle the Value to "false"
Now retry your site - it should work now. Remember to change these settings back when you're done.



 Setelah itu restart firefox , kemudian Accept Certtified

Demikian 

Taufan

Labels:

Comments

Post a Comment

Popular posts from this blog

[Arsip] Uninstal Zimbra Mail Server

UnInstalling Zimbra on Linux Uninstall Directions for Linux/All Other Operating Systems As root: 1) Run the commands: su – zimbra zmcontrol stop exit (you should be root after you run exit) 2a) Run the command:  ps -ef | grep -i zimbra If you see running processes 2b) Kill any lingering processes:  kill -9 <pid> 3a) Run the command:  df If you see "amavisd" 3b) run command:  umount /opt/zimbra/amavisd<-new-blah>/tmp 4)  cd /<tmp_tar_install_dir>/zcs/ 5) Run the command:  ./install.sh -u 6) Run the following commands to complete the unistall: rm -rf /opt/zimbra rm -rf /var/log/*zimbra* rm -rf /tmp/*zimbra* rm -rf /tmp/hsperfdata* rm -rf /tmp/install.* rm -rf /tmp/*swatch* rm -rf /tmp/log* Ensure that you removed ALL the files owned by the user zimbra AND that contain the name "zimbra" in: /var/log/ /tmp/ 7) Run the following commands to delete the users and groups: userdel zimbra userdel postfix groupdel zimbra groupdel postfix 8) Remove the line &q
Post a Comment
Read more
Problem LDAP service  pada Zimbra  [Solved] terjadi pada server replikasi zimbra di kantor saya pada tanggal 5 November 2016 tiba-tiba error LDAP tidak mau startup service. service zimbra start Host test.domainku.com Starting ldap...Done. Failed. Failed to start slapd. Attempting debug start to determine error. daemon: bind(7) failed errno=98 (Address already in use) slap_open_listener: failed on ldap://mail.domain.com:389 Setelah cari-cari di google berhasil yaitu dengan menjalankan ulang file zmsetup.pl -Login sebagai root - /opt/zimbra/libexec/zmsetup.pl root@mailserver:~# /opt/zimbra/libexec/zmsetup.pl Operations logged to /tmp/zmsetup.11072016-131240.log Running bdb db_recover...done. Running zmldapapplyldif...done. Reboot mailserver kemudian berjalan normal ada juga yang menggunakan tutorial seperti dibawah ini (bisa dicoba): Untuk melihat service openldap yang sudah aktif : # ps -ef | grep slap openldap 1129 1 0 15:28 ? 00:00:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap
Post a Comment
Read more