3
1
Is it possible to force the browser to ignore the "Server has a weak ephemeral Diffie-Hellman public key" error? I've tried it on Opera, Chrome and Firefox. But there is nothing too visible that allows me to ignore this.
3
1
Is it possible to force the browser to ignore the "Server has a weak ephemeral Diffie-Hellman public key" error? I've tried it on Opera, Chrome and Firefox. But there is nothing too visible that allows me to ignore this.
5
Yes, just tell the browser you want to use an insecure connection by using the http
protocol instead of https
.
The browser is warning you because you requested a secure connection (via https
), and the public key provided by the server is not secure.
TLS errors are not something users should casually ignore. If you don't care about security, then just tell the browser to use the insecure protocol; don't tell the browser to use the secure protocol and then ignore any errors with the security. That defeats the purpose.
It's not the case that I don't care about security. It's more a matter of urgency: I need to access one site to obtain the barcodes of my water bills and then pay them via internet banking. I called them and asked for them to send me the barcodes via e-mail, they agreed but never sent me. I'm really trying to avoid waiting for them. – Billy Rubina – 2015-07-15T05:30:19.313
4
Answer was given here :
Type in your browser (I tried in Iceweasel)
about:config
Search for
security.ssl3.dhe_rsa_aes_128_sha security.ssl3.dhe_rsa_aes_256_sha security.ssl3.dhe_rsa
Set them both to
false
(just double click to set them tofalse
ortrue
).
That works for everything but Chrome it appears. In Chrome you must type:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013"
0
For Internet Explorer 11: add this registry key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman] "ClientMinKeyBitLength"=dword:00000200
1
-1: Not a great idea as this would leave your browser to vulnerable to Logjam. See: http://security.stackexchange.com/questions/89689/what-is-logjam-and-how-do-i-prevent-it
– bwDraco – 2015-07-14T18:53:16.9001@DragonLord That doesn't make sense. The user knows (or should know) exactly what he's doing. And also, in the rules given by the help center, that's is not a feasible reason for closing. – Billy Rubina – 2015-07-15T05:25:01.137
3
I hope the answer is here
– RogUE – 2015-07-22T14:13:32.557