Problems connecting to webNetwork with the newest browsers.

Problem:  A customer was able to connect to webNetwork 6.2 with Firefox 43 and Chrome 47, but starting with Firefox 44 and Chrome 48 the browser reports "Secure Connection Failed".

Cause:  The newer browsers have changed their security requirements.  One example of these changes is that they started blocking sites that still allow TLS_ECDHE_RSA_WITH_RC4_128_SHA (128-bit keys, TLS 1.2).

Prerequisite(s):

  • webNetwork 6.2.1.186 with default denyCiphers in place.
  • Load Balancer that is in front of webNetwork

Solution(s):  The best option is to make sure that your webNetwork is up to date.  The latest 6.4 code lets you control the ciphers and protocols used by webNetwork, so you can disable them as security requirements change with modern web browsers.  If you are unable to upgrade to 6.4, you must at least be on webNetwork 6.2.1.186 and update your \stoneware\config\denyciphers file.  A sample of an updated file is included below.  If you use a load balancer, consult that vendor on how to change the ciphers and protocols it uses.

3rd Party SSL testing sites:

You should be able to get a score of at least an A- with webNetwork 6.4.x code.



Sample denyCiphers file
#
# A list of SSL/TLS ciphers that will be disabled when SSL is configured.
#
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

Sample excludeProtocols file (webNetwork 6.3 and higher)
#
# A list of protocols that will be disabled when SSL is configured.
#
SSLv3
SSL
SSLV2
SSLV2Hello
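
Added example (not part of the original article and not vendor code): a Python check that parses a file in the denyCiphers format shown above and reports which suites from a scan would still be enabled, which of those are weak, and which deny entries matched nothing. The offered-suite list is constructed, and exact-name matching and every weak-family marker other than RC4 are assumptions.

```python
# Added example, not vendor code. Format assumed from the samples on this page:
# one name per line, '#' starts a comment. Matching is assumed to be exact.

SAMPLE_DENY = """\
#
# A list of SSL/TLS ciphers that will be disabled when SSL is configured.
#
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
"""

# Constructed sample: suites a scan of a hypothetical server reported as offered.
OFFERED = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

# RC4 is the family named under "Cause"; the other markers are assumptions.
WEAK_MARKERS = ("_RC4_", "_3DES_", "_NULL_", "_EXPORT_", "_anon_")

def parse_deny_list(text):
    """Return the set of names listed in a denyCiphers/excludeProtocols file."""
    names = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if entry:
            names.add(entry)
    return names

def audit(offered, deny_text):
    """Return (still enabled, still enabled and weak, deny entries unmatched)."""
    denied = parse_deny_list(deny_text)
    remaining = [s for s in offered if s not in denied]
    weak = [s for s in remaining if any(m in s for m in WEAK_MARKERS)]
    unmatched = sorted(denied - set(offered))  # possible typo or not offered
    return remaining, weak, unmatched

if __name__ == "__main__":
    remaining, weak, unmatched = audit(OFFERED, SAMPLE_DENY)
    print("still enabled:", remaining)
    print("weak and still enabled:", weak)
    print("deny entries matching nothing offered:", unmatched)
```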
