WebLogic : Server has a weak ephemeral Diffie-Hellman public key

One of our project environments is on WebLogic 10.3.5.  Server Identity key was created with 2048 bits. JSSE is already enabled. Our environment was running JRockit 6 update 31.

Recently , we started getting SSL errors while accessing secure content in the environment.  While accessing via Chrome , we got the following error

Server has a weak ephemeral Diffie-Hellman public key. ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

Server has a weak ephemeral Diffie-Hellman public key


 Latest browsers comes up with above error if the server allows/accepts DHE_EXPORT ciphers.Weblogic 10.3.5 running on JDK/Jrockit 6 allows  DHE_EXPORT ciphers.


Available ciphers are controlled by JDK and Oracle has released a critical patch to remove the DHE_EXPORT Ciphers. For JDK 6 , it is available as part of JDK 1.6.0_101 update. Equivalent JRockit version can be found at JRockit Equivalent for JDK 6 Updates

Configuring our weblogic environment with JRockit R28.3.7 resolved the issue.

As a long term measure, we would be moving to Weblogic 10.3.6 and JDK 7.


  1. WLS and EM 12c: Accessing EM and Weblogic Console URL in Browser Gives Error “ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY” (Doc ID 2054204.1)
  2. Transport Layer Security(TLS) Supportability For WebLogic Server (Doc ID 1492141.1)
  3. All Java SE Downloads on MOS (Doc ID 1439822.1)
  4. JRockit Equivalent for JDK 6 Updates

Leave a Reply

Your email address will not be published. Required fields are marked *