To All, We as much as possible are using the Jenkins LTS RPM to setup Jenkins. We enable the HTTPS on a different port for instance 9081. In existing Jenkins we do not use a webserver or proxy server to take care of the HTTPS. We generate keystore with Java keytool.
keytool -genkey -alias hdsoncert -keyalg RSA -keysize 2048 -sigalg SHA1withRSA ... Starting with Firefox and now Chrome, some of the existing Jenkins are inaccessible where the browser (Firefox and Chrome) complaining about "Server has a weak ephemeral Diffie-Hellman public key". I googled about Jenkins and weak ephemeral Diffe-Hellman and nothing came up. It looks like it is not the key that is unsecure but another issue with temporary ephemeral DH key: http://stackoverflow.com/questions/30523324/how-to-config-local-jetty-ssl-to-avoid-weak-phermeral-dh-key-error Do you have any suggestion besides setting up Proxy like Nginx and configure it with new cyper suite to disable this weak ephemeral DH? Shall I try running Jenkins with JAVA 8? https://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html I am running Jenkins with Java 7 Thank you -Indra -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/D225976A.2A004%25ingunawa%40cisco.com. For more options, visit https://groups.google.com/d/optout.
