Clarity

I have a client who is running on 12.1 and going to upgrade in few months time. Below is the NSA configuration;

Server-1 (IP-xx.***.xx.143)

app    - HTTP://ppm   Port- 2840
         HTTPS://PPM  Port- 8443

app -2 - HTTP://ppm  Port- 2841
         HTTPS://PPM Port- 8444

SERVER -2 (IP-xx.***.xx.144)

app      HTTP://ppm Port- 2840
         HTTPS://PPM port- 8443

app -2  HTTP://XX.***.XX.144:2845 (ip address), Port - 2845
         HTTPS://ppm  Port- 8444

app -3 - HTTP://ppm  Port- 2841
         HTTPS://PPM Port- 8445

when users access the application using the one defined the LB ( https://ppm) using Chrome Browser, it gives the 'Server has weak ephemeral...' error. But if we try to access the application using the IP address URL it works perfectly fine on Chrome.

Certificates are renewed and valid though.

Any thoughts?

Tx

PP

Hi Prakash,

The problem is due to old ciphers which was used in 12.1 and currently with latest browser its looking for SSL3.0/TLS certificates. So even if you don't use the load balancer and use the https url accessing the app server directly you will hit the same error provided you have installed the certificate on the app servers.

So in order to ensure the security and use the latest ciphers, I would encourage you to upgrade to latest PPM version.

Ref of this error: Google Groups

Hope this helps

Regards

Suman Pramanik

Thanks Suman for the help.

Cerificates are installed on the App servers. Works well when give https url (bypassLB) too.

Hi Prakash,

Then the best way to troubleshoot is to do a browser level trace by F12 and see where the traffic difference between load balancer and hitting directly the server.

Regards

Suman Pramanik