Applies to- Quark Publishing Platform 2015 & Quark Publishing Platform 10

Background:

Server has a weak ephemeral Diffie-Hellman public key. This error can occur when connecting to a secure (HTTPS) server. It means that the server is trying to set up a secure connection but, due to a disastrous misconfiguration, the connection wouldn't be secure at all.

Summary:
This error occurs if a secure connection can't be established because of outdated security code on the website. This error is encountered on the latest versions of browsers like chrome and Firefox. Safari and Internet Explorer are not affected.

Solution:
To fix this error the Weak Diffie-Hellman has to be disabled by adding the cipher to the SSL connector in conf/server.xml


Add a list of allowed ciphers to the Tomcat configuration in conf/server.xml to disable the weak Diffie-Hellman ciphers:

< Connector
        ... ciphers='TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA'


Server.xml can be found at the following location:


MAC: MAC HD\Applications\Quark\Quark Publishing Platform\Server\Conf\server.xml

Windows: C:\Program files\Quark\Quark Publishing Platform\Server\Conf\Server.xml

Once this is done restart the QPP service to have the changes take affect.