When we open an HTTPS website with Firefox, we may fail with the following error message:
An error occurred while a secure connection failed to connect to a URL URL. SSL received a weak temporary Diffie-hellman key in the server key exchange handshake information.
Error code: SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY)
If you switch to Google Chrome to open this same page will also error, and prompted:
The server's instantaneous Diffie-hellman public key is too weak to Err_ssl_weak_server_ephemeral_dh_key, and opens the details to see "This error occurs when you connect to a secure (HTTPS) server. This means that the server is trying to establish a secure connection, but because of a serious configuration error, the connection will be unsafe! In this case, the server needs to be repaired. To protect your privacy, Google Chrome does not use unsecured connections. ”
If you switch to QQ or other browser also cannot open this website and get similar Diffie-hellman key too weak error prompt. This is due to the weak SSL encryption suite on the site server, compared to the earlier version of the browser only support 40 or 56-bit encryption, such key short encryption algorithm several years ago has been proven to be cracked, like the new version of Firefox, Google, the information security requirements of the more stringent browser, The website operator is proactively required to update the encryption suite to improve the security of website access. If you are just ordinary online users need to open this site, it is recommended that you use IE, cheetah, Opera browser to open the Web page can be, although the encryption bit is not strong, but always more than the HTTP website information is much better than bare.
Of course, if you have been accustomed to using Firefox, you can also install a security plug-in to fix this forced elevation weak temporary Diffie-hellman key problem, plug-in: Https://addons.mozilla.org/en-us/firefox/addon /disable-dhe/
If you are the operator of the problem site, you have two ways to resolve the issue, either by choosing the Symantec Secure Site Pro SSL certificate or by choosing the Symantec Secure Site Pro with EV SSL certificate. The SGC (server gating technology) used by these two certificates enables the mandatory encryption to Diffie-hellman key upgrade to 128-bit. Another way is to configure the earlier 40, 56-bit unsecured encryption suite to remove all disabled, so that the server and the browser SSL transmission to receive the minimum 128-bit encryption information, but this method allows us to abandon the early version of the browser user community, their data exchange with the server is not encrypted, and may not be able to open the site.
Of course, many people who use SSL certificates may be just to get rid of browser-wide ads, and for some browsers I can not tolerate the placement of ads, and decisively discard
How to handle server SSL received a weak temporary Diffie-hellman key?