Firefox SSL Error

I am currently running Firefox 38.0.5 on Arch Linux. After a recent update I started getting an SSL error on some HTTPS websites, as shown below.

Secure Connection Failed

An error occurred during a connection to bancaincasa.sba.bcc.it. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

This is because Firefox now requires 1024-bit keys to avoid the Logjam vulnerability. I saw a bug report in the Red Hat Bugzilla and a discussion on MozillaZine about this. There is also a discussion on the Manjaro forum, which says there is no problem in current Windows installations. In short, the server has a weak key which should be replaced with a stronger one. This will be the behaviour from Firefox 39 onwards.

Temporary workarounds include installing the Disable DHE extension from Mozilla and downgrading openssl and nss on Arch Linux. The extension seems to be the better solution at the moment, since it avoids other possible vulnerabilities from using an older openssl. However, this is not a safe option in the long run. I expect the extension to stop working in FF39 or pretty soon after that.
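The error above comes from the size of the prime the server sends in its Server Key Exchange message. The following is an added example, not code from Firefox or NSS, that parses such a message and applies the 1024-bit threshold mentioned in this post. It assumes a DHE cipher suite (ECDHE messages have a different layout), and `build_sample` produces constructed test data, not real primes.

```python
import struct

MIN_DH_BITS = 1024  # threshold stated on this page for Firefox's new check

def parse_dhe_params(body: bytes):
    """Parse ServerDHParams (RFC 5246 sec. 7.4.3): dh_p, dh_g, dh_Ys,
    each an opaque vector with a 2-byte big-endian length prefix."""
    fields, offset = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if offset + 2 > len(body):
            raise ValueError(f"truncated before length of {name}")
        (length,) = struct.unpack_from("!H", body, offset)
        offset += 2
        if length == 0 or offset + length > len(body):
            raise ValueError(f"bad length for {name}")
        fields.append(int.from_bytes(body[offset:offset + length], "big"))
        offset += length
    return tuple(fields)  # signature bytes after the params are ignored

def dh_prime_bits(handshake: bytes) -> int:
    """Return the bit length of dh_p from a ServerKeyExchange handshake message."""
    if len(handshake) < 4:
        raise ValueError("truncated handshake header")
    body_len = int.from_bytes(handshake[1:4], "big")
    if handshake[0] != 12:  # handshake type 12 = server_key_exchange
        raise ValueError("not a ServerKeyExchange message")
    if 4 + body_len > len(handshake):
        raise ValueError("truncated handshake body")
    p, _g, _ys = parse_dhe_params(handshake[4:4 + body_len])
    return p.bit_length()

def is_weak(handshake: bytes) -> bool:
    """True when the server's DH prime is below the minimum size."""
    return dh_prime_bits(handshake) < MIN_DH_BITS

def build_sample(prime_bits: int) -> bytes:
    """Constructed test message: p is an odd number of the given size, NOT a real prime."""
    p = (1 << (prime_bits - 1)) | 1
    body = b""
    for value in (p, 2, p - 2):  # dh_p, dh_g, dh_Ys
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        body += struct.pack("!H", len(raw)) + raw
    return bytes([12]) + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    for bits in (512, 768, 1024, 2048):
        print(bits, "weak" if is_weak(build_sample(bits)) else "ok")
```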
