I have a client who is running on 12.1 and going to upgrade in few months time. Below is the NSA configuration;
app - HTTP://ppm Port- 2840 HTTPS://PPM Port- 8443
app -2 - HTTP://ppm Port- 2841 HTTPS://PPM Port- 8444
SERVER -2 (IP-xx.***.xx.144)
app HTTP://ppm Port- 2840 HTTPS://PPM port- 8443
app -2 HTTP://XX.***.XX.144:2845 (ip address), Port - 2845 HTTPS://ppm Port- 8444
app -3 - HTTP://ppm Port- 2841 HTTPS://PPM Port- 8445
when users access the application using the one defined the LB ( https://ppm) using Chrome Browser, it gives the 'Server has weak ephemeral...' error. But if we try to access the application using the IP address URL it works perfectly fine on Chrome.
Certificates are renewed and valid though.
The problem is due to old ciphers which was used in 12.1 and currently with latest browser its looking for SSL3.0/TLS certificates. So even if you don't use the load balancer and use the https url accessing the app server directly you will hit the same error provided you have installed the certificate on the app servers.
So in order to ensure the security and use the latest ciphers, I would encourage you to upgrade to latest PPM version.
Ref of this error: Google Groups
Hope this helps
Thanks Suman for the help.
Cerificates are installed on the App servers. Works well when give https url (bypassLB) too.
Then the best way to troubleshoot is to do a browser level trace by F12 and see where the traffic difference between load balancer and hitting directly the server.