Weak Ephemeral Diffie-Hellman Key

Recently, some web browsers have updated their list of supported cipher algorithms which are used to ensure secure communication between the browser and web server. Due to this update, new browser versions may lose the ability to login to the MapR Control System (MCS) and other web interfaces since the ciphers supported by the web browser do not match the ciphers supported by the web servers.

Affected Versions

  • MapR - Versions 3.x, 4.x, and 5.0
  • Browsers - Latest versions such as Chrome 45 and Firefox 39

Symptoms

Users might see the following error messages if they encounter the issue:

Table 1. Browser Symptoms
Browser Error Message
Firefox An error occurred during a connection to <ip>:<port>. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
Chrome Server has a weak ephemeral Dillie-Heffman public key or ERR_SSL_WEAK_EPHEMERAL_DH_KEY

How to Fix the Issue

Based on the MapR Cluster version that you have, perform one of the following options to fix the issue:
Table 2. Fix Options
MapR Version Option(s)
4.x and 5.0

Apply the latest patch on every node in the cluster.

-or-

Edit the core-site.xml on each node with a service that runs a web server.

3.x Edit the core-site.xml on each node with a service that runs a web server.