Problems connecting to webNetwork with the newest browsers.

Problems connecting to webNetwork with the newest browsers.

Problem:  Customer was able to connect to webnetwork 6.2 with Firefox 43 and Chrome 47 but after Firefox 44 and Chrome 48 the browser says Secure Connection Failed.

Cause:  With the new browsers they have changed their security requirements.  An example of one of the changes is that they started blocking sites that still allow TLS_ECDHE_RSA_WITH_RC4_128_SHA, 128 bit keys TLS 1.2.  

Prerequisite(s):

  • webNetwork 6.2.1.186 with default denyCiphers in place.
  • Load Balancer that is in front of webNetwork

Solution(s):  The best option is to make sure that your webNetwork is up to date.  Being on the latest 6.4 code allows you to control the ciphers and protocols used by webNetwork to disable them as security requirements change with modern web browsers.  If you are unable to upgrade to 6.4 then you at least have to be on 6.2.1.186 of webNetwork and update your \stoneware\config\denyciphers file.  A sample of an updated one is included below.  If you utilize a load balancer then consult with that vendor on how to make changes to the ciphers / protocols used.

3rd Party SSL testing sites:

You should be able to get a score of at least an A- with webNetwork 6.4.x code.



Sample denyCiphers file
#
# A list of SSL/TLS ciphers that will be disabled when SSL is configured.
#
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

Sample of excludeProtocols file (webnetwork 6.3 and higher)
#
# A list of protocols that will be disabled when SSL is configured.
#
SSLv3
SSL
SSLV2
SSLV2Hello

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Change Reset Password Button Text

        Change the text of the "Reset Password" button on the UW Login Page How to change the text of the Reset Password button on the Login Page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants ...

      • Remove Reset Password Button From Login Page

        Remove the Reset Password Button from the Login Page How to remove the Reset Password button from the Unified Workspace login page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants Expand ...

      • Lenovo Unified Workspace End-of-Life Questions and Answers

        As of January 31st 2024, Lenovo Unified Workspace (formerly Stoneware WebNetwork) is no longer supported. This means that we no longer provide licenses, downloads, updates, patches, or technical assistance for this product. If you have any questions ...

      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...

      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...

      • Related Articles

      • Move webNetwork to different server

        *** If you are moving to a different OS, please see : https://helpdesk.lenovosoftware.com/portal/kb/articles/migrate-webnetwork-to-windows-linux-22-8-2017 *** Keeping the same OS / version / IP As long as you are keeping the same OS/ version/IP then ...

      • Issues with Round Robin DNS and webNetwork

        Round Robin DNS is considered the "poor mans load balancer"  You can find the information about it at WikipediA.  In general Round-Robin DNS works well with static web sites.  Once dynamic information is utilized then there may be problems.  The ...

      • Debug relay startup problems.

        1) If you have your loaders clustered, make sure the cluster status is in sync by using the 8090 management console and checking the cluster status. 2) Use the 8090 console on the relay to turn on com.stoneware.client.stonewareclient debug.  When the ...

      • Error connecting to Terminal Server 127.0.0.1

        Customer getting Error connecting to the terminal server: 127.0.0.1 after he updated the RDP client on his Windows XP and Vista machines. The customer was running 5.2.0.2 and needs to update to 5.2.0.4 or higher. The certificate used to code sign the ...

      • POODLE and webNetwork

        What has happened? A security vulnerability called POODLE has been found in SSL 3.0. Despite being an older encryption technology that is only used in less than 1% of SSL traffic, most web servers still allowed this protocol to enable older browsers ...