As of v45, Chrome blocks HTTPS sites with weak Diffie-Hellman public keys. Whilst this is good for everyone, it does cause certain things to stop working. Our Foglight for Virtualization Standard instance stopped working with Chrome and had to be fixed. Although these steps are written for Foglight, they can be used for any Tomcat 7 instance.

  1. SSH in to the Foglight virtual machine. The default username is vkernel and the password is also vkernel.
  2. Change to root by typing su -. The default password is password.
  3. Type nano /usr/local/tomcat/conf/server.xml to edit the Tomcat config file.
  4. Under the HTTPS config section (starts with <Connector server="VKernel" port="443" maxHttpHeaderSize="8192" ....), you will find a cipher list like ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ....". Replace it with the following list, which contains only ECDHE and RSA key-exchange suites and no DHE suites: ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
  5. Press Ctrl + X and then y to save the file.
  6. Type service tomcat stop, then service tomcat start, to reload the config file.

You should now be able to access the site properly with Chrome v45+.
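
To double-check the edited file, the script below is an added example (not part of the original post) that reads a server.xml and lists any finite-field Diffie-Hellman (DHE/DH) suites still named in its ciphers attribute; the replacement list above contains none. It assumes the ciphers="..." attribute sits on a single line, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report finite-field DH cipher suites left in a Tomcat server.xml.
# Assumption: each ciphers="..." attribute is written on one line.
# Usage: sh check_ciphers.sh /usr/local/tomcat/conf/server.xml

# Print every suite named in any ciphers="..." attribute, one per line.
list_ciphers() {
    grep -o 'ciphers="[^"]*"' "$1" |
        sed -e 's/^ciphers="//' -e 's/"$//' |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -v '^$'
}

# Print only suites whose key exchange is finite-field Diffie-Hellman.
# TLS_ECDHE_* is not matched: DHE or DH must directly follow the TLS_/SSL_ prefix.
weak_dh_ciphers() {
    list_ciphers "$1" | grep -E '^(TLS|SSL)_(DHE|DH)_' || true
}

# Return 0 when no DH/DHE suite is configured, 1 when at least one is,
# 2 when the file cannot be read.
check_server_xml() {
    if [ ! -r "$1" ]; then
        echo "cannot read $1" >&2
        return 2
    fi
    found=$(weak_dh_ciphers "$1")
    if [ -n "$found" ]; then
        echo "DH/DHE suites still enabled in $1:"
        echo "$found"
        return 1
    fi
    echo "No DH/DHE suites in $1"
    return 0
}

# Run the check only when a path is given on the command line.
if [ -n "${1:-}" ]; then
    check_server_xml "$1"
fi
```
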