Weak Ephemeral Diffie-Hellman Public Key

Joe Engelking


If you're getting the “Server has a weak ephemeral Diffie-Hellman public key” error, it's because you're trying to access an unsecured webpage. Unfortunately, the internet and local intranets are riddled with these, so while the error is sometimes an indication of a potentially nefarious site, it is more often the handiwork of a device or vendor that doesn’t have a certificate. I’ve seen this error with modems, routers, switches, printers and an assortment of other network devices with web GUIs, so don’t feel bad if you’ve gotten the error.

There are a few options to fix this, and they all revolve around lowering your browser's security settings, so (insert warning here).

 

For Chrome:

  • Enable ECDHE and disable DHE (preferable)
  • Use a 1024-bit (or larger) Diffie-Hellman group for the DHE_RSA SSL cipher suites
  • Disable all DHE SSL cipher suites
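
To see what key size a device actually offers before changing any browser setting, the following added example (not part of the original post) classifies the "Server Temp Key" line that `openssl s_client` prints. The sample outputs are constructed, `check_host` is a hypothetical helper name, and the 1024-bit default is the minimum named in the list above.

```sh
#!/bin/sh
# Added example: classify the ephemeral key a server offered, using the
# "Server Temp Key" line that `openssl s_client` prints after a handshake.

# Print "<type> <bits>" for the first Server Temp Key line on stdin.
temp_key() {
  sed -n 's/^Server Temp Key: \([A-Za-z0-9]*\),.* \([0-9][0-9]*\) bits$/\1 \2/p' | head -n 1
}

# classify_dh [min_bits] < s_client_output
# min_bits defaults to 1024, the smallest group size the page accepts.
classify_dh() {
  min="${1:-1024}"
  key="$(temp_key)"
  kind="${key%% *}"   # key type, e.g. DH or ECDH
  bits="${key##* }"   # key size in bits
  if [ -z "$key" ]; then echo "no-temp-key"
  elif [ "$kind" != "DH" ]; then echo "not-dhe ($kind)"
  elif [ "$bits" -lt "$min" ]; then echo "weak ($bits-bit DH)"
  else echo "ok ($bits-bit DH)"
  fi
}

# Hypothetical helper for a live check against a device you administer.
# Newer OpenSSL builds may abort the handshake on a very small DH key, in
# which case no Server Temp Key line appears and the result is "no-temp-key".
check_host() {
  openssl s_client -connect "$1" -tls1_2 -cipher 'EDH' </dev/null 2>/dev/null | classify_dh
}

# Constructed s_client excerpts (not captured from real devices).
sample_weak() { cat <<'EOF'
Server Temp Key: DH, 768 bits
New, TLSv1.2, Cipher is DHE-RSA-AES128-SHA
EOF
}
sample_ecdhe() { cat <<'EOF'
Server Temp Key: ECDH, P-256, 256 bits
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
EOF
}

sample_weak | classify_dh
sample_ecdhe | classify_dh
```

A "weak" result means the device itself needs a larger DH group or an ECDHE suite; the browser changes only hide the symptom.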

 

Firefox:

Go to about:config in the address bar. Ignore the warnings, and type ‘dhe’ into the search box.

  • Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it to false (disable Firefox from using this cipher)
  • Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it to false (disable Firefox from using this cipher)

To revert Firefox to its normal behavior, just set those two parameters back to true.

 

Safari:

  • Get a better browser
