[cisco-voip] firefox upgrade causing issues with CUCM CCMadmin page

Ryan Huff ryanhuff at outlook.com
Fri Jul 10 08:33:35 EDT 2015


Here is the Cisco security advisory for the OpenSSL flaw found in June/2015 .... Long, Long list of products affected:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

-Thanks,

Ryan


From: ryanhuff at outlook.com
To: dennis.heim at wwt.com; wokka at justfamily.org; cisco-voip at puck.nether.net
Subject: RE: [cisco-voip] firefox upgrade causing issues with CUCM CCMadmin page
Date: Thu, 9 Jul 2015 15:55:04 -0400




Here is a good explanation of the issue and how to work around it:

http://eltonoverip.com/blog/2015/07/firefox-39-0-ssl-error-weak-ephemeral-diffie-hellman-key/

From: Dennis.Heim at wwt.com
To: wokka at justfamily.org; cisco-voip at puck.nether.net
Date: Thu, 9 Jul 2015 19:53:09 +0000
Subject: Re: [cisco-voip] firefox upgrade causing issues with CUCM CCMadmin page









There is a parameter for those the keys that you need to toggle to disable and then it will work. Not sure of the true impact of that, but that is what I changed.
 
Dennis Heim | Emerging Technology Architect (Collaboration)
World Wide Technology, Inc. | +1 314-212-1814


“There is a fine line between Wrong and Visionary. Unfortunately, you have to be a visionary to see it." – Sheldon Cooper
 
Click here to join me in my Collaboration Meeting Room
 
From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net]
On Behalf Of Charles Goldsmith

Sent: Thursday, July 09, 2015 3:50 PM

To: voip puck

Subject: [cisco-voip] firefox upgrade causing issues with CUCM CCMadmin page
 

Getting this error with Firefox 39


An error occurred during a connection to 10.52.122.26. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)


 


    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.


    Please contact the website owners to inform them of this problem.



 


I've seen this on 8.6.2 and 9.1.2, the two 10.5.x systems I have access to have 3rd party certs, and they both work fine.  The 8.x and 9.x systems do not have 3rd party, just internally signed.


 


Anyone else seeing this and know a work around?  I detest using IE or Safari for CUCM work.






_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip 		 	   		   		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150710/670ef92d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 3876 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150710/670ef92d/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1389 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150710/670ef92d/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 1292 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150710/670ef92d/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 1391 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150710/670ef92d/attachment-0003.png>


More information about the cisco-voip mailing list