Server has a weak ephemeral Diffie-Hellman public key

Firefox and Chrome browsers recently began preventing users from accessing sites with weak public keys. When users attempt to access such sites, they may receive one of the following error messages in their browser:

Server has a weak ephemeral Diffie-Hellman public key 
ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

or:

An error occurred during a connection to {host}. SSL received a 
weak ephemeral Diffie-Hellman key in Server Key Exchange handshake 
message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

Cascade Server instances running older versions of Java (1.6) and using Tomcat for SSL will display this behavior. To check which version of Java your instance of Cascade is currently using, click Administration -> Dashboard -> Information and look at the Java Version field.

Options for resolving this issue are as follows:

  • Upgrade to Cascade 7.14 or above. Beginning with Cascade 7.14, the application requires Java 1.8 which ultimately prevents this error from appearing.

  • For organizations that wish to continue using a version of Cascade prior to 7.14 (7.12.x and below):

    • Download and install Server JRE 1.7 from the Oracle Downloads page on the application server.
    • Follow the steps outlined here to configure your Cascade instance to use the new JVM.