How to handle the server error "SSL received a weak temporary Diffie-Hellman key"?

Source: Internet
Author: User
Tags ssl certificate

Handling the server error "SSL received a weak temporary Diffie-Hellman key"

When we open an HTTPS website with Firefox, the connection may fail with the following error message:
An error occurred during a connection to the URL. SSL received a weak temporary Diffie-Hellman key in the Server Key Exchange handshake message.

If you open the same page with Google Chrome, it also fails, with this prompt:
The server's ephemeral Diffie-Hellman public key is too weak (ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY). Opening the details shows: "This error occurs when you connect to a secure (HTTPS) server. It means that the server is trying to establish a secure connection but, because of a serious configuration error, the connection will be insecure! In this case, the server needs to be fixed. To protect your privacy, Google Chrome does not use insecure connections."

If you switch to QQ or another browser, you still cannot open the website and get a similar "Diffie-Hellman key too weak" error. The cause is a weak SSL cipher suite on the site's server: earlier browser versions supported only 40- or 56-bit encryption, and encryption algorithms with such short keys were shown to be breakable several years ago. Browsers with stricter information-security requirements, such as the new versions of Firefox and Google Chrome, therefore in effect require the website operator to update the cipher suite to improve the security of access to the site. If you are an ordinary user who just needs to open the site, it is recommended that you open the page with IE, Cheetah or Opera; although the encryption strength is not high, it is still much better than sending information unprotected over plain HTTP.

Of course, if you are used to Firefox, you can also install a security plug-in to resolve the weak temporary Diffie-Hellman key problem caused by this enforced upgrade; plug-in: https:// /disable-dhe/

If you are the operator of the affected site, there are two ways to solve the problem. One is to choose a Symantec Secure Site Pro SSL certificate or a Symantec Secure Site Pro with EV SSL certificate; the SGC (Server Gated Cryptography) technology used by these two certificates forces the encryption for the Diffie-Hellman key to be upgraded to 128-bit. The other is to disable all of the earlier, insecure 40- and 56-bit cipher suites in the server configuration, so that SSL traffic between the server and the browser uses at least 128-bit encryption. This method, however, means giving up users of early browser versions: their data exchange with the server is not encrypted, and they may be unable to open the site.
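For the second approach above, an operator first needs to know which configured suites fall below 128 bits. The following is an added example, not part of the original article: it parses a cipher listing in the layout printed by `openssl ciphers -v` and reports each suite to disable. The sample listing is constructed, and `parse_suite`, `audit` and `MIN_BITS` are names chosen for this illustration.

```python
import re

# Constructed sample in the layout printed by `openssl ciphers -v`:
# name, protocol, Kx=, Au=, Enc=algorithm(bits), Mac=, optional "export".
SAMPLE_LISTING = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-SHA          SSLv3   Kx=DH       Au=RSA  Enc=AES(128)    Mac=SHA1
EDH-RSA-DES-CBC-SHA         SSLv3   Kx=DH       Au=RSA  Enc=DES(56)     Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA     SSLv3   Kx=DH(512)  Au=RSA  Enc=DES(40)     Mac=SHA1 export
EXP-RC4-MD5                 SSLv3   Kx=RSA(512) Au=RSA  Enc=RC4(40)     Mac=MD5  export
"""

MIN_BITS = 128  # minimum strength the article asks operators to enforce (assumed name)

# Matches e.g. "Enc=DES(56)" -> ("Enc", "DES", "56") and "Kx=DH" -> ("Kx", "DH", "")
FIELD = re.compile(r"(Kx|Au|Enc|Mac)=([^\s(]+)(?:\((\d+)\))?")


def parse_suite(line):
    """Turn one listing line into a dict; return None for blank or odd lines."""
    tokens = line.split()
    if len(tokens) < 6:
        return None
    suite = {"name": tokens[0], "protocol": tokens[1], "export": "export" in tokens[6:]}
    for key, alg, bits in FIELD.findall(line):
        suite[key] = alg
        suite[key + "_bits"] = int(bits) if bits else None
    return suite if "Enc" in suite else None


def audit(listing, min_bits=MIN_BITS):
    """Return {suite name: [reasons]} for every suite that should be disabled."""
    findings = {}
    for suite in filter(None, map(parse_suite, listing.splitlines())):
        reasons = []
        enc_bits = suite["Enc_bits"] or 0  # "Enc=None" (no encryption) counts as 0 bits
        if enc_bits < min_bits:
            reasons.append(f"{suite['Enc']} encryption is {enc_bits}-bit, below {min_bits}")
        if suite["export"]:
            reasons.append("export-grade suite")
        if suite.get("Kx") == "DH" and suite.get("Kx_bits"):
            reasons.append(f"temporary Diffie-Hellman key limited to {suite['Kx_bits']} bits")
        if reasons:
            findings[suite["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_LISTING).items():
        print(f"{name}: {'; '.join(reasons)}")
```

To audit a real server, pass the output of `openssl ciphers -v` for the server's configured cipher string to `audit()` in place of the constructed sample.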

If you are not currently a "-evtrust" customer, our online advisors can still provide you with solutions to any problem related to weak temporary Diffie-Hellman keys on servers; if you need assistance from our technical engineers, you pay only a small labor service fee.
