If your getting the “Server has a weak ephemeral Diffie-Hellman public key” error its because your trying to access an unsecured webpage. Unfortunately the internet and local intranets are riddled with these so while they are sometimes an indication of a potential nefarious site it more often is the handy work of a device or vendor that doesn’t have a certificate. I’ve seen this error with modems, routers, switches, printers and an assortment of other network devices with a WEB GUIs so don’t feel bad if you’ve gotten the error.
There are few options to fix this and they all evolve around lowering your security settings for your browser so (insert warning here).
For Chrome:
- Enable ECDHE and disable DHE (preferable)
- Use a 1024-bit (or larger) Diffie-Hellman group for the DHE_RSA SSL cipher suites
- Disable all DHE SSL cipher suites
FireFox:
go to about:config in the address bar. Ignore the warnings, and type ‘dhe’ into the search box.
- Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it to false (disable Firefox from using this cipher)
- Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it to false (disable Firefox from using this cipher)
To revert Firefox to it’s normal behavior, just set those two parameters back to true.
Safari:
- get a better a browser
