Fix error message ssl_error_weak_server_ephemeral_dh_key - how it works
The error message "ssl_error_weak_server_ephemeral_dh_key" appears on certain websites with insufficient encryption. As a user, you can only partially correct the problem, because the actual problem is not yours.
Security notice in the browser - the cause of the problem
- The error message relates to the TLS protocol in connection with a Diffie-Hellmann key exchange.
- This protocol is actually there to ensure that your data is transmitted securely.
- In certain constellations, however, the system has a critical weak point. Attackers can use a trick to rapidly reduce the encryption strength of the procedure and thus get the actually encrypted data.
- Although the vulnerability has been known for a long time, not all server administrators have switched to other types of encryption. Most browsers therefore refuse to connect with the said error message.
- As an end user, there is nothing you can do about the actual problem. However, you can accept the insecure connection and still transfer data.
Unsafe workaround for Firefox
If you want to connect to a server despite the security risk, you can use this workaround for Firefox:
- Start Firefox and enter "about: config" in the address bar. Accept the subsequent security warning.
- Now copy the line "security.ssl3.dhe_rsa_aes" into the search bar. Two entries then appear (see screenshot).
- Change the value of both entries by double-clicking on "false".
- Then the connection should work.