Hi, 

I have a problem to connect to the LUA from Chrome or Firefox, I'm getting the following error (Chrome)

Server has a weak ephemeral Diffie-Hellman public key

ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

I know that it is happening because the server is trying to set up a secure connection but, due to a disastrous misconfiguration, the connection wouldn't be secure at all.

The question is: How do i fix it? How do I change the SSL/TLS Diffie-Hellman Modulus to 2048 Bits?

Thanks in advance

What version of LUA are you using? This needs to be fixed within LUA, which may require a release fix. But what version are you using?

Hi,

Following article refer to similar error but it's for SEPM & has suggested Support for Firefox 39.x, and Chrome 45.x is added in Symantec Endpoint Protection (SEP) 12.1.6 MP1. To obtain the latest version of SEP, see Download the latest version of Symantec Endpoint Protection.

http://www.symantec.com/docs/TECH231655

I think you should upgrade LUA as well.

Hi IUG,

The default Tomcat ciphers included within the LUA are weak, change the server.xml file in "C:\Program Files (x86)\Symantec\LiveUpdate Administrator\tomcat\conf\server.xml" and change the ciphers then restart.

Change From
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA"  

Change To
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"

Is Version: 2.3.4.16