Menu
While I'm trying to visit a specific website (that one: https://login.uj.edu.pl) I'm getting ERR_INVALID_ARGUMENT error. Here is the problem: "Server has a weak ephemeral Diffie-Hellman public key". More about the issue there: https://productforums.google.com/forum/#!topic/chrome/o3vZD-Mg2Ic
I know that it should be fixed by a webmaster but until it happens I have to access the page every day anyway. I found an extension to Firefox to avoid this error: https://addons.mozilla.org/en-us/firefox/addon/disable-dhe/
Now i want to get rid of the error in Google Chrome (well, Chromium actually). Is there any possibility to make it work? It's my university's page and it can take years for the site administrator to fix that secure connection issue.
What's strange the problem occurs in Linux only, in all the browsers. In Windows, Chrome-OS or Android there is nothing wrong. I know that using insecure connection is wrong but in that case I have no choice.
EDIT: I cannot accept any solution because the site I was trying to access changed its encryption to the right one. Now I can't test your solutions because the problem is already solved by site admins.
828
There are two methods commonly used to agree on shared secrets: have one party use some long-term asymmetric key to encrypt the secret and send it to the owner of the key (like in an RSA key exchange), or have both parties exchange messages that contribute to the computed shared secret (what we call Diffie-Hellman key ...
Diffie-Hellman Ephemeral (DHE) is a modification of the Diffie-Hellman key-exchange that used static keys. A cryptographic key is called ephemeral if it is generated for each execution of a Key-Exchange process.
Ephemeral Diffie-Hellman – This is considered the most secure implementation because it provides perfect forward secrecy.
The Diffie–Hellman Problem (DHP) is the problem of computing the value of gab (mod p) from the known values of ga (mod p) and gb (mod p). It is clear that the DHP is no harder than the DLP.
The solution is:
Type in your browser (I tried in Iceweasel)
about:config Search for
security.ssl3.dhe_rsa_aes_128_sha security.ssl3.dhe_rsa_aes_256_sha Set them both to false (just double click to set them to false or true).
That's it!
128
This solution worked for me:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013 The recent release (Sep. 1) to Chrome 45 contains the fix for the Logjam attack as detailed in https://weakdh.org but it introduce this kind of problem.
I found it in this post
41
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
