Hi. I have a java web app that uses weak crypto. I would like to be able to access it with a modern browser. Currently the only method that seems to work is links on freebsd 9.3, all other browsers give errors such as:
Error performing TLS handshake: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
Obviously it would be better if this was fixed but it is not something I have control of.
Would it be possible for me to use stunnel to encapsulate the weak connection within a stronger one so the browser does not complain?
I have tried this:
; TLS front-end to a web server [https] client = yes accept = 443 connect = 192.168.1.5:443 cert = /usr/local/etc/stunnel/stunnel.pem
Which asks me to make an exception for the self signed cert but then proceeds to fail in same way as before.
Cheers
-- Pete