SSL enabled eG console not working with latest Chrome and Firefox browsers

Why is the SSL-enabled eG console not loading after recent Chrome and Firefox upgrades?

1 Comment

Reason: Recent versions of Firefox (39) and Chrome (45) expect a strong cipher suite definition in SSL-enabled web applications. The request will be rejected if a weak cipher is found on the web server.

Problem Fix:

We recommend the cipher list below for the eG web application. This attribute needs to be added in Server.xml under the SSL connector definition in Tomcat:

ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"

An eG Manager restart is required once the above entry is changed.


Sample entry from Server.xml:

<Connector port="443"
           server="eG Tomcat Server"
           keystorePass="eginnovations"
           keystoreFile="webapps/eGmanager.bin"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
           sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
           sslProtocol="TLS"
           clientAuth="false"
           secure="true"
           scheme="https"
           SSLEnabled="true"
           compressableMimeType="text/html,text/xml,text/plain,application/x-java-applet,application/octet-stream,application/xml,text/javascript,text/css,image/png,image/jpeg,image/gif,application/pdf,application/x-javascript,application/javascript,application/json,application/x-shockwave-flash,application/xhtml+xml,application/xml+xhtml"
           noCompressionUserAgents="gozilla, traviata"
           compressionMinSize="1024"
           compression="on"
           tcpNoDelay="true"
           URIEncoding="UTF-8"
           useURIValidationHack="false"
           connectionTimeout="20000"
           acceptCount="10"
           enableLookups="false"
           maxThreads="512"
           minSpareThreads="64"
           protocol="HTTP/1.1"/>
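
An added example, not part of the original post and not eG or Tomcat code: a small audit that reads the `ciphers` and `sslEnabledProtocols` attributes of each SSL-enabled Tomcat connector and reports the suites and protocol versions a reviewer would question. The sample XML is constructed from a shortened form of the entry above; the function names and the classification rules (RC4 per RFC 7465, TLS 1.0/1.1 per RFC 8996, CBC and non-ephemeral key exchange) are this example's assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a shortened form of the connector entry shown above.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1"/>
  <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
    sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
</Service></Server>
"""

# SSL versions plus TLS 1.0/1.1, which RFC 8996 deprecates.
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

def classify_cipher(name):
    """Return the concerns this example raises for one JSSE cipher suite name."""
    kx, sep, rest = name.partition("_WITH_")
    if not sep:  # TLS 1.3 names (TLS_AES_128_GCM_SHA256): AEAD, ephemeral keys
        return []
    concerns = []
    if "RC4" in rest:
        concerns.append("RC4 (prohibited by RFC 7465)")
    if "_CBC_" in rest:
        concerns.append("CBC mode (no AEAD)")
    if "DHE" not in kx:  # neither DHE nor ECDHE: static RSA or static (EC)DH
        concerns.append("no forward secrecy")
    return concerns

def split_attr(value):
    """Split a comma-separated attribute, tolerating stray spaces."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def audit_connectors(server_xml):
    """Map each SSL-enabled connector port to its flagged ciphers and protocols."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to audit
        ciphers = {c: classify_cipher(c) for c in split_attr(conn.get("ciphers"))}
        protocols = split_attr(conn.get("sslEnabledProtocols"))
        report[conn.get("port")] = {
            "ciphers": {c: why for c, why in ciphers.items() if why},
            "protocols": [p for p in protocols if p in DEPRECATED_PROTOCOLS],
        }
    return report

if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, findings)
```
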