Back to knowledgebase

CafeX Critical Issue Bulletin 002 - Chrome 45 and Firefox 39


Firefox 39 (ETA 30th June) and Chrome 45 (ETA sometime in late August) introduce new security features which will prevent access to websites which use older encryption ciphers such as the default Diffie-Hellman. 

This can prevent access to the CaféX WBF (Web Plugin Framework) e.g. when you browse to https://your-server:8443/web_plugin_framework/webcontroller/ you get the error similar to:

Server has a weak, ephemeral Diffie-Hellman public key


Note: This will also affect service URLs that are not behind a reverse proxy, e.g. services hosted in AWS with no reverse proxy protecting them.


Remove the older cipher keys from the cipher suites used by FAS.

1. Make a back up of your file

  • cd /opt/cafex/FAS-2.1*/domain/configuration
  • cp fas.bak-<date>

2. Edit and remove the weak encryption ciphers

  • vi and make the following changes to the  jsse cipher suites:





3. Restart FAS from the command line

  • service fas restart
Have more questions? Submit a request