BadSSL reports Firefox supports connection settings "that are outdated and known to have significant security flaws" (dh1024)

The site badssl.com dashboard flagged broken cryptography for subdomain "dh1024": "This site uses an ephemeral Diffie-Hellman key exchange over a 1024-bit group."

Is there anything I need to do to fix this? Or does this require a Firefox fix?

All Replies (2)

Hi pinellas, I don't know why the DHE is disabled at 512 and not 1024. I assume that is intentional.

If you want to disable DHE-handshake ciphers, here's how:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

(2) In the search box above the list, type or paste DHE and pause while the list is filtered.

(3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch the value from true to false

(4) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch the value from true to false

I turned those off after the logjam vulnerability was made public and haven't noticed any ill effects.

Don't disable ECDHE ciphers or Firefox won't be able to connect to most sites.

Modified by jscher2000 - Support Volunteer
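An added example, not part of the original reply and not Firefox's own code: a Python check that reads a profile's prefs.js (and an optional user.js) and reports whether the two DHE preferences from steps (3) and (4) are actually switched off. The function names and the sample prefs.js content are constructed for illustration.

```python
import re

# Preference names taken from the reply above; per its steps both default to true.
DHE_PREFS = ("security.ssl3.dhe_rsa_aes_128_sha", "security.ssl3.dhe_rsa_aes_256_sha")

# Matches one line of prefs.js / user.js: user_pref("name", value);
# Commented-out lines (// user_pref(...)) do not match.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: raw_value} for every user_pref() line in a prefs file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)  # later lines override earlier ones
    return prefs


def dhe_status(prefs_js, user_js=""):
    """Map each DHE pref to 'disabled', 'enabled' or 'default (enabled)'.

    prefs.js only stores values changed from the default, so a missing
    entry means the default (true, per the steps above) is in effect.
    user.js, if present, is applied on top of prefs.js at startup.
    """
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    status = {}
    for name in DHE_PREFS:
        raw = merged.get(name)
        if raw is None:
            status[name] = "default (enabled)"
        else:
            status[name] = "disabled" if raw == "false" else "enabled"
    return status


# Constructed sample: a profile where only the AES-128 DHE suite was switched off.
SAMPLE_PREFS_JS = '''
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
'''

if __name__ == "__main__":
    for name, state in dhe_status(SAMPLE_PREFS_JS).items():
        print(f"{name}: {state}")
```

To audit a real profile, pass the contents of its prefs.js and user.js files instead of the sample string.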

If you think that should be a global setting, you could file a bug:

https://bugzilla.mozilla.org/