Security Connection Failed with Firefox v. 39 and CM1 v. 4.2.4

Hey there,

It looks like the Firefox v. 39 update creates security issues for CM1 v. 4.2.4:

************
Secure Connection Failed

An error occurred during a connection to acsf-percussion-cms.acsf.cornell.edu:9991. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

  • The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
  • Please contact the website owners to inform them of this problem.
************

I know we need to bring our CM1 more up to date, but I read that v. 5.1 requires hard-coded changes on each page.

Please advise:

  1. Will upgrading to CM1 v. 4.5 address the Firefox security issue?
  2. Can we safely do an upgrade directly from 4.2.4 to 4.5?
  3. Any other concerns/suggestions?

Thanks so much!

Mark Lawrence
Cornell University

Hello Mark,

We are looking into this Firefox error with our engineers; we will update you here as soon as we have more details.

If you need a temporary fix for Firefox for now you can:

  • Open Firefox, go to URL “about:config”
  • Accept the “This might void your warranty!” warning by clicking the “I’ll be careful, I promise!” button
  • In the search field, enter security.ssl3.dhe_rsa_aes
  • Double click each result (128 SHA and 256 SHA) to change the Value to false

For upgrading, we support two releases at a time. For users at 4.2, this means you will need to upgrade in two steps:

4.2 -> 4.4

then

4.4 -> 4.5

We have more information about upgrading here:

http://help.percussion.com/percussion…

Thank you Keith - much appreciated!

Best,

Mark

Hello All,

This issue was resolved by updating the Percussion server.xml SSL connector settings:

http://help.percussion.com/percussion-cm1/governance/security/Security-Hardening-Articles/logjam-vul…

This is also mentioned in this post:

https://community.percussion.com/percussion/topics/information-on-logjam-vulnerability
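The server-side fix above is the right one: the Firefox error (ssl_error_weak_server_ephemeral_dh_key) is Firefox 39 rejecting a DHE handshake whose server Diffie-Hellman parameters are shorter than 1024 bits, and the about:config workaround only hides it on one client. As an added example (not Percussion's code and not taken from the linked articles), the script below audits the SSL connectors in a Tomcat-style server.xml and flags the two things that lead to this error: no explicit cipher list (so the JVM's default DHE suites, with whatever DH parameter size that JVM generates, stay enabled) and DHE or anonymous-DH suites being offered at all. The two server.xml fragments are constructed for the demonstration; the `ciphers` and `sslEnabledProtocols` attributes are standard Tomcat connector attributes, and the hardened connector restricts itself to ECDHE suites so the server never sends a DH Server Key Exchange.

```python
import xml.etree.ElementTree as ET

# Constructed "before" fragment: SSL connector with no cipher or protocol
# restriction, so the JVM's default suite list (including DHE suites) is used.
WEAK_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="9991" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS"
               keystoreFile="conf/keystore" keystorePass="PLACEHOLDER"/>
  </Service>
</Server>"""

# Constructed "after" fragment: explicit protocol list and an ECDHE-only
# cipher allow-list, so no finite-field DHE suite can be negotiated.
HARDENED_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="9991" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"
               sslEnabledProtocols="TLSv1.2"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
               keystoreFile="conf/keystore" keystorePass="PLACEHOLDER"/>
  </Service>
</Server>"""


def is_dhe_suite(name: str) -> bool:
    """True for finite-field DHE and anonymous DH suites (JSSE naming).

    ECDHE suites contain "ECDHE_" but never "_DHE_", so they are not matched.
    """
    return "_DHE_" in name or "DH_anon" in name


def _split_attr(conn: ET.Element, attr: str) -> list:
    return [v.strip() for v in conn.get(attr, "").split(",") if v.strip()]


def audit_connectors(server_xml: str) -> list:
    """Return one {"port": ..., "issues": [...]} entry per SSL-enabled connector."""
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check
        issues = []
        ciphers = _split_attr(conn, "ciphers")
        protocols = _split_attr(conn, "sslEnabledProtocols")
        if not ciphers:
            issues.append("no explicit cipher list: JVM default suites, "
                          "including DHE suites, remain enabled")
        dhe = [c for c in ciphers if is_dhe_suite(c)]
        if dhe:
            issues.append("DHE/DH suites offered (" + ", ".join(dhe) + "): "
                          "server DH parameters must be at least 1024 bits "
                          "for Firefox 39, 2048 bits recommended")
        if not protocols:
            issues.append("no explicit sslEnabledProtocols list")
        elif "SSLv3" in protocols:
            issues.append("SSLv3 enabled")
        findings.append({"port": conn.get("port"), "issues": issues})
    return findings


def report(server_xml: str) -> str:
    lines = []
    for f in audit_connectors(server_xml):
        status = "OK" if not f["issues"] else "WEAK"
        lines.append("port %s: %s" % (f["port"], status))
        lines.extend("  - " + i for i in f["issues"])
    return "\n".join(lines)


if __name__ == "__main__":
    print("before:\n" + report(WEAK_SERVER_XML))
    print("after:\n" + report(HARDENED_SERVER_XML))
```

If DHE suites must stay enabled (for example for clients without ECDHE support), the alternative is to keep them but make the JVM generate larger parameters; on Java 8 that is the `jdk.tls.ephemeralDHKeySize=2048` system property. Either way, verify the result from outside the server rather than trusting the config file: the test is simply that Firefox 39 (or any client that rejects short DH parameters) can complete the handshake against port 9991.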