Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

RV042 V03 - Server has a weak ephemeral Diffie-Hellman public key

Hi. Changes in both Firefox and Chrome prevent to access the RV042 V03 web interface (Firmeware version: v4.2.1.02 Jan 18 2012 14:10:55) , throwing the following error: "Server has a weak ephemeral Diffie-Hellman public key".

 

Does anybody successfully implement a fix for this issue? Thanks in advance. Martin. 

10 REPLIES
New Member

I was able to connect to my

I was able to connect to my router from another computer with an older version of Firefox.  Once there, I went to the Firewall tab and changed HTTPS from enable to disable.  

I'm now able to access my router from the new version of Google Chrome, but I worry what security I may have given up by making this change.

New Member

Hi, you can try the following

Hi, you can try the following:

Type the URL given below in your browser's address bar:

about:config

Accept the securty warning 

Here in this config page, you will find a list of boolean entries. Search ssl3 and specifically for below two entries:

security.ssl3.dhe_rsa_aes_128_sha

security.ssl3.dhe_rsa_aes_256_sha

Then make a right click on each and change the value from True to False selecting revert.

 

Let me know if that help

New Member

I'm using the RV042-G, and OS

I'm using the RV042-G, and OS-X Yosemite.  I've tried Chrome and Safari and get the same D-H error.  I used an old version of Chrome and was able to update the Firmware.

Problem persists.

New Member

Hi, you can try the following

Hi, you can try the following:

Type the URL given below in your browser's address bar:

about:config

Accept the securty warning 

Here in this config page, you will find a list of boolean entries. Search ssl3 and specifically for below two entries:

security.ssl3.dhe_rsa_aes_128_sha

security.ssl3.dhe_rsa_aes_256_sha

Then make a right click on each and change the value from True to False selecting revert.

 

Let me know if that help

New Member

Worked for me.Thanks

Worked for me. I had to wait a min or so until the settings took effect on the browser.

Thanks

New Member

Hello, All well and good to

Hello,

 

All well and good to dumb down the browser's security, but what are you setting yourself up for in the wild west of the internet.

I am having trouble with brand new RV042's fresh out of the box, not older legacy gear.

I updated the firmware and the browsers, and finally dragged an old laptop out and logged in and switched of https.

I am using these routers for PPTP and the firewall disables remote log gin on the WAN.

I can log in on the LAN side with http.

So my browsers are still set for paranoia security levels, and I can log in off the LAN side ok.

So what is Cisco going to do to fix their SSL ?

 

Dave

New Member

Here is a link to an

Here is a link to an excellent article about the Server has a weak ephemeral Diffie-Hellman public key error.

New Member

so why are all the posts

so why are all the posts about work-arounds and circumventing security settings. Is there no fix for this?

Why has @cisco not responded to this issue?  The new firmware still has this issue. I can still buy these routers.  why should i do so?

Is there a fix?

New Member

The only thing you can do

The only thing you can do right now is disable https in the routers Firewall menu tab.

Use http

I refuse to dumb down a browsers security.

I tried to get Cisco to answer the question and they didn't even acknowledge the problem.

Use a complex password.

New Member

The latest firmwares fixes

The latest firmwares fixes this issue.

4894
Views
9
Helpful
10
Replies