This thread was archived. Please ask a new question if you need help.
You blocked UnitedHealthCare.com, this is a secure site. I need this for my work. I will have to change browsers now.
I am a medical insurance biller. I downloaded Windows 8, and Mozilla Firefox so that I could use United Healthcare Authorizations because they stopped allowing use on Google Chrome. I tried to get on the site, and the message I received was:
"An error occurred during a connection to saml2.radiologynotifications.com. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem."
When I looked this up, it said that your site said this was a malicious site and blocked it. This is a secure site. And I need this site for my work. I have been doing this for 15 years, and If I cannot use this I will be forced to use another browser.
Can you please help me?
All Replies (3)
This Connection is Untrusted is sometimes caused because the computer system clock is wrong. Check the time / date / time zone settings.
Hi Mightyhunter, this error message indicates that the site is trying to use an obsolete encryption cipher which is vulnerable to the "Logjam" attack that was in the news earlier this year.
What does that mean?
Even though you trust the server, a "Logjam" attack compromises the security of your individual connection to the server, lowering the protection normally provided by SSL to a level that is easily cracked and read by others on the network. That is why Firefox protects you from making this connection.
What can you do now?
The very best solution for the protection of all users of that server is for
United Health CareCore National to change some settings on the server. Since the information you can view on the server is most likely very sensitive, this fix is overdue, and we encourage you to report the problem ASAP.
If you cannot wait, you can try disabling these old ciphers in your Firefox, which hopefully will force the server to try some more secure ciphers when connecting with you. Here's how:
(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
(2) In the search box above the list, type or paste dhe and pause while the list is filtered
(3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (disable Firefox from using this cipher)
(4) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (disable Firefox from using this cipher)
Then try the site again; you might have to reload the page using Ctrl+Shift+r to bypass cached information.
Modified by jscher2000
For the record:
- the radiologynotifications.com domain is registered to CareCore National, LLC in whois
- the IP address of the server at 18.104.22.168 is listed as being controlled by CareCore National, LLC at ARIN
Therefore, I think you would direct your concern to them instead of UHC.
They also seem to trade as eviCore Healthcare: https://www.carecorenational.com/
Modified by jscher2000