Mozilla announced on September 30, 2016 that it made the decision to enforce stronger Diffie-Hellman keys in the Firefox web browser.
Firefox users who visit websites that use weak keys -- now less than 1023 bits -- will see a connection error message in the web browser instead of the actual site.
The message reads "secure connection failed" and the reason given is the following one:
SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. Error code: SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY
The page lists a learn more link that leads to the Firefox "what does your connection is not secure mean" support page on Mozilla Support.
The error page itself lists a "try again" button but no option to override the policy and open the actual website.
In case you are wondering, this is how other browsers are handling sites with weak Diffie-Hellman keys:
According to Mozilla, a small number of servers are still configured to use weak keys that are vulnerable to attack.
In response to recent developments attacking Diffie-Hellman key exchange (https://weakdh.org/) and to protect the privacy of Firefox users, we have increased the minimum key size for TLS handshakes using Diffie-Hellman key exchange to 1023 bits. A small number of servers are not configured to use strong enough keys. If a user attempts to connect to such a server, they will encounter the error “ssl_error_weak_server_ephemeral_dh_key”.
The organization mentions the Logjam attack in particular, which targets the TLS protocol.
All major browsers block sites that use weak Diffie-Hellman keys now with no override option. In case you are wondering, Firefox's preference to override weak security certificates is not working either.