Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

Old SSL weak web based management interfaces.

  • 3 replies
  • 1 has this problem
  • 6 views
  • Last reply by cor-el

silicontrip
silicontrip
more options

I get the following error message "SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message." I know that the common answer to this question is "contact the web site owner and get them to upgrade" But what happens when I am the website owner, as I own the piece hardware with the https administration interface? I can't upgrade the device because the webserver is built into the firmware, The vendor says the fix is to purchase a new device (at a $$$$$), however the device is still able to perform its task as not much has changed in the industry in the last 20 years except that I'm no longer able to connect to the admin interface. If the device used HTTP I wouldn't have a problem, but because it uses an old HTTPS. I'm starting to get worried as the work arounds are saying this wont be supported in the future.

Have you guys considered this scenario? There are fewer and fewer browsers left for me to administer the device.

I get the following error message "SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message." I know that the common answer to this question is "contact the web site owner and get them to upgrade" But what happens when I am the website owner, as I own the piece hardware with the https administration interface? I can't upgrade the device because the webserver is built into the firmware, The vendor says the fix is to purchase a new device (at a $$$$$), however the device is still able to perform its task as not much has changed in the industry in the last 20 years except that I'm no longer able to connect to the admin interface. If the device used HTTP I wouldn't have a problem, but because it uses an old HTTPS. I'm starting to get worried as the work arounds are saying this wont be supported in the future. Have you guys considered this scenario? There are fewer and fewer browsers left for me to administer the device.

All Replies (3)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

You can possibly check these logjam related prefs on the about:config page.

silicontrip
silicontrip Question owner
more options

What about the future? Last time I got the warning page it said that it wouldn't support the TLS version my hardware is using in the future (and that I should contact the web site owner) I'm not concerned with how to do it now, I know how, I'm trying to address the problem before all web browsers stop supporting it, Chrome already has removed the ability to communicate with the device, there is no work around. I want to make sure that Devs know that it can't always be solved just by contacting the website owner. This is a valid use case that cannot be solved any other way.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

You will probably need to keep an older Firefox version, possibly a portable version to be able to connect to older devices or websites.

You can install a portable (ESR) Firefox version to access websites that do not work with the current Firefox release. The portable version comes with its own profile folder and doesn't interfere with currently installed Firefox versions.