This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

dhe exchange warnings confusing people

  • 3 replies
  • 1 has this problem
  • 1 view
  • Last reply by doubleg76

more options

Good day.

We're starting to see the error from our user base and our employees.

Looks like this An error occurred during a connection to gb-dc3-bm09.liquidweb.com. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

What I don't understand about this error is its saying it can not communicate because of a weak key - ok. That is fine.

Is there a reason the cipher isn't disabled in the first place? I feel its confusing to people, and if disabling the cipher with the weak key support results in the fix, I think it would be a smarter move instead of throwing the said warning.

Good day. We're starting to see the error from our user base and our employees. Looks like this An error occurred during a connection to gb-dc3-bm09.liquidweb.com. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. What I don't understand about this error is its saying it can not communicate because of a weak key - ok. That is fine. Is there a reason the cipher isn't disabled in the first place? I feel its confusing to people, and if disabling the cipher with the weak key support results in the fix, I think it would be a smarter move instead of throwing the said warning.

All Replies (3)

more options

That happens when users go to HTTPS websites that are using older security with an up-to-date web browser that has the most recent security patches for known exploits.

Users can "allow" per domain thru a hidden preference in Firefox, but that isn't easy for the "average user", not is it advised. Each website needs to fix their security on their server, to protect the users of their website.

Logjam is the latest exploit that has been fixed and is causing issues in the latest browser versions which have the 'patches'. Mid-May 2015 is when it came to light in public by security researchers. Browser developers were informed months before to allow them time to develop 'patches' or to deprecate the involved protocols. https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html

more options
more options

cor-el & the-edmeister

Thanks for the responses! Certainly more info is helpful. I wanted to let you know I understand the aspects behind this issue, but the info is excellent.

More towards what I was wanting to convey is the following:

The warning is confusing.

The browser allows the connection in the config.

The browser throws a warning.

Disable the support for the support for the weak key and on a majority of sites the confusion goes away due to a higher bit key being exchanged at connection and things work without said confusion.

I also am confused because I thought that previous to these warnings we / Mozilla and other browsers disabled the ssl3 based protocol connections.

So I'm wondering if some type of change occurred either planned or unexpectedly due to possible regression.