為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

Avatar for Username

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

此討論串已被封存。 如果您有需要幫助,請新增一個新問題

(ssl_error_weak_server_ephemeral_dh_key) error on ONE site (W764)- other machine (W764) does NOT have this error --difference avast/mcafee and w7 H Prem vs Pro

  • 3 回覆
  • 2 有這個問題
  • 1 次檢視
  • 最近回覆由 cor-el

foxisgood
foxisgood
more options

I have seen many reports wbout login fails for the ssl_error_weak_server_ephemeral_dh_key. This happens to me on ONE website ( local library) and ONE of my 2 W7 machines. Fails on W7/64 with McAfee and W7Pro Succeeds on W7/64 with Avast and W7 Home Premium

Just started failing in the last 2 weeks.

I have tried to read the fixes, but the information was sparse . I can get around a computer, but I don't know much about the structure of FF and I need a detailed method. Plus there are the warnings about 'logjams'. I keep coming back to one machine works and one doesn't. Both running 39.0 and settings are identical as far as I can tell -- I even tried to scan the troubleshooting info.

Thanks,

I have seen many reports wbout login fails for the ssl_error_weak_server_ephemeral_dh_key. This happens to me on ONE website ( local library) and ONE of my 2 W7 machines. Fails on W7/64 with McAfee and W7Pro Succeeds on W7/64 with Avast and W7 Home Premium Just started failing in the last 2 weeks. I have tried to read the fixes, but the information was sparse . I can get around a computer, but I don't know much about the structure of FF and I need a detailed method. Plus there are the warnings about 'logjams'. I keep coming back to one machine works and one doesn't. Both running 39.0 and settings are identical as far as I can tell -- I even tried to scan the troubleshooting info. Thanks,

被選擇的解決方法

You can compare the settings of the involved prefs.

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha

Note that the DHE cipher suites were disabled for a reason and re-enabling them will make you vulnerable for the Logjam attack. You can consider to use a separate profile with the two involved cipher suites enabled and use that profile for accessing the blocked sites.

從原來的回覆中察看解決方案 👍 1

所有回覆 (3)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Firefox 39 and later include a fix for the Logjam vulnerability and have disabled vulnerable DHE cipher suites that are involved with the Logjam attack.

Logjam: How Diffie-Hellman Fails in Practice:

See also:

foxisgood
foxisgood 提出問題者
more options

This does not solve my issue. Firefox allows the connection on one W7 machine and disallows it on the other. Both are set up identically to the best of my knowledge.

The differences are McAffe/Avast and W7 Pro /W7 Home Prem

Both are version 39. Settings are identical

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

選擇的解決方法

You can compare the settings of the involved prefs.

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha

Note that the DHE cipher suites were disabled for a reason and re-enabling them will make you vulnerable for the Logjam attack. You can consider to use a separate profile with the two involved cipher suites enabled and use that profile for accessing the blocked sites.