BlueGoose
asked on
Have a question regarding weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.
Hopefully this is an easy fix as I don't truly understand ciphers etc...
We have a spam filter (Websense). Our users get emailed a link daily allowing them to see what spam they have. If they use Firefox they get an error message with the following:
An error occurred during a connection to c*****:8443. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Is the issue on the server end or in Firefox? I've installed IIS Crypto on the server so I can see protocols, ciphers, cipher suites, hashes, key exchanges, etc., but am unsure what to do. I have also seen the workaround where you can go into the config of Firefox and change some setting to false to bypass some of the security settings, but this doesn't seem like a practical solution.
Ideas or help?
fwiw users with Chrome get a similar message but IE and Opera users can connect fine?
Thanks
ASKER
It ended up being an issue on the server side. My vendor needed to load a new XML file that was compatible with the new security that Firefox has in its latest update.
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for BlueGoose's comment #a40997706
for the following reason:
Ended up being a server side issue and nothing to do with the browser
ASKER
Assigning points as you did mention in your answer that the issue may lie on the server side
TLS_ECDHE_RSA_WITH_AES_128
TLS_ECDHE_RSA_WITH_AES_256
TLS_ECDHE_RSA_WITH_3DES_ED