Adito supports a lot of different SSL-ciphers and some of them has weak Diffie-Hellman (DH) keys.
Here is a guide that worked for me and ensures secure connection to Adito (as before).
If you want to read more about the problem visit https://weakdh.org/ it checks your browser at the same time.
Use alternative browser or temporary enter these commands in Firefox:
- Search for security.ssl3.dhe_rsa_aes
- Doubleclick to set values to false on security.ssl3.dhe_rsa_aes_128_sha and security.ssl3.dhe_rsa_aes_256_sha
Login to your Adito account and then follow the guide
Press the “Server” link under System Configuration
Push the “SSL” tab and you’ll see a list of ciphers
Adito states the following regarding the Adito client (this is very important)
The list of SSL ciphers supported by Adito. If the selected cipher list is empty then all available ciphers are supported, if you edit this list then ensure that SSL_RSA_WITH_RC4_128_MD5 is selected as this is required by the Adito Agent.
WARNING: Editing these properties may cause compatibility problems with some older browsers.
I removed every TLS_* entry from this list and added all the SSL_* ciphers.
(Please do some research on which ciphers that are most usefull for your organization)
Press OK when you have updated the ciphers list
A restart of the Adito server is required. Existing users will be thrown out!
Press OK to restart Adito now
Press OK on the redundant confirmation regarding restart
Just wait 10 seconds. It displays an abort function if you actually did not read the messages before 🙂
The restart takes some time, and only works if you use it in service mode.
If you are using console, you have to close and restart the consolewindow.
Now remove the exceptions in Firefox as you changed before (security.ssl3.dhe_rsa_aes_128_sha and security.ssl3.dhe_rsa_aes_256_sha), and login to your Adito server using Firefox.
You are ready to use Adito on any browser again
If you haven’t update your Adito so clients can use Java 1.8, please see the page Installer-SVN!
Applet is valid signed and recompiled with JDK 1.8!