
dhe exchange warnings confusing people

  • 3 replies
  • 1 has this problem
  • 1 view
  • Last reply by doubleg76


Good day.

We're starting to see the error from our user base and our employees.

Looks like this:

An error occurred during a connection to gb-dc3-bm09.liquidweb.com. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

What I don't understand about this error is it's saying it cannot communicate because of a weak key - ok. That is fine.

Is there a reason the cipher isn't disabled in the first place? I feel it's confusing to people, and if disabling the cipher with the weak key support results in the fix, I think it would be a smarter move instead of throwing the said warning.


All Replies (3)


That happens when users go to HTTPS websites that are using older security with an up-to-date web browser that has the most recent security patches for known exploits.

Users can "allow" per domain through a hidden preference in Firefox, but that isn't easy for the "average user", nor is it advised. Each website needs to fix their security on their server, to protect the users of their website.

Logjam is the latest exploit that has been fixed and is causing issues in the latest browser versions which have the 'patches'. Mid-May 2015 is when it came to light in public by security researchers. Browser developers were informed months before to allow them time to develop 'patches' or to deprecate the involved protocols. https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html
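As an added illustration (not part of the original thread and not Firefox's own code), the check behind this error can be sketched by parsing the ServerDHParams carried in a ServerKeyExchange handshake message and measuring the prime. The 2048-bit floor, the function names and the sample messages are assumptions constructed for this example.

```python
import struct

# Assumed policy floor for this example; the thread does not state a number.
MIN_DH_BITS = 2048

def _read_vec16(buf, off):
    """Read one TLS opaque<1..2^16-1> vector: 2-byte big-endian length + data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("bad vector length")
    return buf[off:off + n], off + n

def parse_server_dh_params(handshake):
    """Return (p, g, Ys) as ints from a DHE ServerKeyExchange handshake
    message: msg_type 12, 3-byte length, then dh_p, dh_g, dh_Ys."""
    if len(handshake) < 4 or handshake[0] != 12:
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    off, out = 0, []
    for _ in range(3):  # dh_p, dh_g, dh_Ys, in that order
        raw, off = _read_vec16(body, off)
        out.append(int.from_bytes(raw, "big"))
    return tuple(out)  # any signature after the params is ignored here

def check_dh_strength(handshake, min_bits=MIN_DH_BITS):
    """Return (prime_bits, ok). Leading zero bytes in dh_p do not count, and
    g or Ys outside (1, p-1) fails because the shared secret is predictable."""
    p, g, ys = parse_server_dh_params(handshake)
    bits = p.bit_length()
    sane = 1 < g < p - 1 and 1 < ys < p - 1
    return bits, (bits >= min_bits and sane)

def build_ske(p, g, ys):
    """Build a constructed sample message for the demo (no signature)."""
    body = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        body += struct.pack(">H", len(raw)) + raw
    return bytes([12]) + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    # Constructed moduli (not real primes); only their size matters here.
    weak = build_ske((1 << 511) + 111, 2, 12345)
    strong = build_ske((1 << 2047) + 981, 2, 12345)
    print(check_dh_strength(weak), check_dh_strength(strong))
```
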


cor-el & the-edmeister

Thanks for the responses! Certainly more info is helpful. I wanted to let you know I understand the aspects behind this issue, but the info is excellent.

More towards what I was wanting to convey is the following:

The warning is confusing.

The browser allows the connection in the config.

The browser throws a warning.

Disable the support for the weak key and on a majority of sites the confusion goes away due to a higher bit key being exchanged at connection and things work without said confusion.

I also am confused because I thought that previous to these warnings we / Mozilla and other browsers disabled the ssl3 based protocol connections.

So I'm wondering if some type of change occurred either planned or unexpectedly due to possible regression.