August 11, 2016

Web Browser Error Weak Ephemeral Diffie-Hellman Key

If you receive this error message in Firefox:

"SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem."

First, patch the server for the Logjam TLS vulnerability (CVE-2015-4000). If it is a Java-based container, also set -Djdk.tls.ephemeralDHKeySize=2048.
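
To confirm the change took effect, the size of the ephemeral key the server offers can be read from the "Server Temp Key" line that openssl s_client prints after the handshake. The script below is an added example, not part of the original post; the function name, the constructed sample lines and the host.example placeholder are assumptions.

```shell
#!/bin/sh
# Read `openssl s_client` output on stdin and judge the server's ephemeral key.
# $1: minimum acceptable DH size in bits (assumed 2048, matching the JVM setting).
# Prints a verdict; returns 0 = acceptable, 1 = weak DH, 2 = no usable key line.
classify_temp_key() {
    min_bits="${1:-2048}"
    line=$(grep -m1 '^Server Temp Key:' || true)
    if [ -z "$line" ]; then
        echo "NONE"            # static key exchange, or the handshake failed
        return 2
    fi
    # First field after the label is the key type: DH, ECDH, X25519, ...
    kind=$(printf '%s\n' "$line" | sed -E 's/^Server Temp Key: ([^,]+),.*/\1/')
    bits=$(printf '%s\n' "$line" | sed -E 's/.*, ([0-9]+) bits.*/\1/')
    case "$bits" in
        ''|*[!0-9]*) echo "UNPARSED"; return 2 ;;
    esac
    if [ "$kind" != "DH" ]; then
        echo "OK $kind $bits"  # not finite-field DH, so this error does not apply
        return 0
    fi
    if [ "$bits" -lt "$min_bits" ]; then
        echo "WEAK DH $bits"
        return 1
    fi
    echo "OK DH $bits"
}

# Constructed sample lines in the format s_client prints after a handshake.
SAMPLE_WEAK='Server Temp Key: DH, 1024 bits'
SAMPLE_FIXED='Server Temp Key: DH, 2048 bits'
SAMPLE_ECDHE='Server Temp Key: ECDH, P-256, 256 bits'

for s in "$SAMPLE_WEAK" "$SAMPLE_FIXED" "$SAMPLE_ECDHE"; do
    printf '%s\n' "$s" | classify_temp_key 2048 || true
done

# Against a server you administer (host.example is a placeholder):
#   openssl s_client -connect host.example:443 -tls1_2 -cipher DHE \
#       </dev/null 2>/dev/null | classify_temp_key 2048
```

Forcing TLS 1.2 with a DHE-only cipher list makes the server use its finite-field DH parameters; a verdict of NONE then usually means DHE suites are disabled on the server.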

See also https://access.redhat.com/solutions/1498223
