X
Nhấn vào đây để đến phiên bản di động của trang web.

Diễn đàn trợ giúp

Secure Connection Failed

Được đăng

An error occurred during a connection to 192.168.1.24:2400. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)


Am getting this error .. how do i solve ?

An error occurred during a connection to 192.168.1.24:2400. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) Am getting this error .. how do i solve ?

Giải pháp được chọn

Chi tiết hệ thống bổ sung

Phần bổ trợ đã cài đặt

  • DivX Web Player version 1.4.0.233
  • The IcedTea NPR Web Browser Plugin (using IcedTea6 1.9.10 (fedora-55.1.9.10.fc14-i386)) executes Java applets.
  • The Totem 2.32.0 plugin handles video and audio streams.
  • This plug-in detects the presence of iTunes when opening iTunes Store URLs in a web page with Firefox.

Ứng dụng

  • Chuỗi đại diện người dùng: Mozilla/5.0 (X11; Linux i686; rv:39.0) Gecko/20100101 Firefox/39.0

Thông tin chi tiết

guigs 1072 giải pháp 11697 câu trả lời
Được đăng

I believe that this patch to the NSS 3.19.1 was when this is enabled. Is your NSS version (listed in about:support page)?

I believe that this patch to the NSS 3.19.1 was when this is enabled. Is your NSS version (listed in about:support page)?
cor-el
  • Top 10 Contributor
  • Moderator
17413 giải pháp 157295 câu trả lời
Được đăng

Yes those prefs have been disabled in the current Firefox beta release.

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha

See also:

Yes those prefs have been disabled in the current Firefox beta release. *security.ssl3.dhe_rsa_aes_128_sha *security.ssl3.dhe_rsa_aes_256_sha See also: *[https://bugzilla.mozilla.org/show_bug.cgi?id=1166031 bug 1166031] - Update to NSS 3.19.1
philipp
  • Top 25 Contributor
  • Moderator
5287 giải pháp 23362 câu trả lời
Được đăng

hi, this means that the webserver you're trying to reach is vulnerable to the recently published logjam vulnerability: http://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers/ please report that to webmaster of the site in question to fix that issue...

hi, this means that the webserver you're trying to reach is vulnerable to the recently published logjam vulnerability: http://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers/ please report that to webmaster of the site in question to fix that issue...
cor-el
  • Top 10 Contributor
  • Moderator
17413 giải pháp 157295 câu trả lời
Được đăng

Giải pháp được chọn

See also: *https://weakdh.org/
Mihai Moldovan 0 giải pháp 2 câu trả lời
Được đăng

The problem can be solved by downgradeing the following libraries: nss nss-sysinit nss-util nss-softokn nss-softokn-freebl nss-tools nss-sysinit

[code]

  1. dnf downgrade nss nss-sysinit nss-util nss-softokn nss-softokn-freebl nss-tools nss-sysinit

/code

http://www.forum.internettechnology.ro/viewtopic.php?f=10&t=40&sid=7f8efac987c57f1ad48a2c94e249fe6f

The problem can be solved by downgradeing the following libraries: nss nss-sysinit nss-util nss-softokn nss-softokn-freebl nss-tools nss-sysinit [code] # dnf downgrade nss nss-sysinit nss-util nss-softokn nss-softokn-freebl nss-tools nss-sysinit [/code] http://www.forum.internettechnology.ro/viewtopic.php?f=10&t=40&sid=7f8efac987c57f1ad48a2c94e249fe6f

Được chỉnh sửa bởi Mihai Moldovan vào

Mihai Moldovan 0 giải pháp 2 câu trả lời
Được đăng

Solved with the new update of NSS* libraries. New version nss-*-3.19.2.

Solved with the new update of NSS* libraries. New version nss-*-3.19.2.
ejep520 0 giải pháp 7 câu trả lời
Được đăng

Câu trả lời hữu ích

cor-el said

Yes those prefs have been disabled in the current Firefox beta release.
  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha
See also:

Sadly, I need to turn these off because our network administrator runs a server that is vulnerable to logjam and absolutely necessary to my day-to-day and hour-to-hour job duties. Not being able to connect to it right out of the gate w/o fiddling with the config settings was probably a smart idea for the masses, but a smart mass like me needs to get on with things. Maybe an exception page for this is worth considering?

''cor-el [[#answer-738806|said]]'' <blockquote> Yes those prefs have been disabled in the current Firefox beta release. *security.ssl3.dhe_rsa_aes_128_sha *security.ssl3.dhe_rsa_aes_256_sha See also: *[https://bugzilla.mozilla.org/show_bug.cgi?id=1166031 bug 1166031] - Update to NSS 3.19.1 </blockquote> Sadly, I need to turn these off because our network administrator runs a server that is vulnerable to logjam and absolutely necessary to my day-to-day and hour-to-hour job duties. Not being able to connect to it right out of the gate w/o fiddling with the config settings was probably a smart idea for the masses, but a smart mass like me needs to get on with things. Maybe an exception page for this is worth considering?
cor-el
  • Top 10 Contributor
  • Moderator
17413 giải pháp 157295 câu trả lời
Được đăng

Maybe use a second profile that has the prefs set to true to access these pages.

Maybe use a second profile that has the prefs set to true to access these pages. *https://developer.mozilla.org/Mozilla/Multiple_Firefox_Profiles
OnTheRoad41 0 giải pháp 19 câu trả lời
Được đăng

Can someone put this in plain English? I can't log on to our United employee website with the latest Firefox (I am up to date) without getting the error mentioned in the first post (An error occurred during a connection to 192.168.1.24:2400. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) ).

Can someone put this in plain English? I can't log on to our United employee website with the latest Firefox (I am up to date) without getting the error mentioned in the first post (An error occurred during a connection to 192.168.1.24:2400. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) ).
jscher2000
  • Top 10 Contributor
8634 giải pháp 70618 câu trả lời
Được đăng

Câu trả lời hữu ích

Hi OnTheRoad41, this error message indicates that the site is trying to use an obsolete encryption cipher which is vulnerable to the "Logjam" attack that was in the news earlier this year.

What does that mean?

Even though you trust the server, a "Logjam" attack compromises the security of your individual connection to the server, lowering the protection normally provided by SSL to a level that is easily cracked and read by others on the network. That is why Firefox protects you from making this connection.

What can you do now?

The very best solution for the protection of all users of that server is for United to change some settings on the server. If the information you can view on the server is sensitive, then this fix is overdue, so we encourage you to report the problem ASAP.

If you cannot wait, you can try disabling these old ciphers in your Firefox, which hopefully will force the server to try some more secure ciphers when connecting with you. Here's how:

(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(2) In the search box above the list, type or paste dhe and pause while the list is filtered

(3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (disable Firefox from using this cipher)

(4) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (disable Firefox from using this cipher)

Then try the site again; you might have to reload the page using Ctrl+Shift+r to bypass cached information.

Success?

Hi OnTheRoad41, this error message indicates that the site is trying to use an obsolete encryption cipher which is vulnerable to the "Logjam" attack that was in the news earlier this year. ''What does that mean?'' Even though you trust the server, a "Logjam" attack compromises the security of ''your individual connection'' to the server, lowering the protection normally provided by SSL to a level that is easily cracked and read by others on the network. That is why Firefox protects you from making this connection. ''What can you do now?'' The very best solution for the protection of all users of that server is for United to change some settings on the server. If the information you can view on the server is sensitive, then this fix is overdue, so we encourage you to report the problem ASAP. If you cannot wait, you can try disabling these old ciphers ''in your Firefox,'' which hopefully will force the server to try some more secure ciphers when connecting with you. Here's how: (1) In a new tab, type or paste '''about:config''' in the address bar and press Enter. Click the button promising to be careful. (2) In the search box above the list, type or paste '''dhe''' and pause while the list is filtered (3) Double-click the '''security.ssl3.dhe_rsa_aes_128_sha''' preference to switch it from true to false (disable Firefox from using this cipher) (4) Double-click the '''security.ssl3.dhe_rsa_aes_256_sha''' preference to switch it from true to false (disable Firefox from using this cipher) Then try the site again; you might have to reload the page using Ctrl+Shift+r to bypass cached information. Success?
OnTheRoad41 0 giải pháp 19 câu trả lời
Được đăng

Thanks! That solved the problem of not being able to logon. United is notorious for not being friendly to computer users. They have their protocols, thank you very much, so don't bother them.

Thanks again.

Thanks! That solved the problem of not being able to logon. United is notorious for not being friendly to computer users. They have their protocols, thank you very much, so don't bother them. Thanks again.
CrazySoul 0 giải pháp 2 câu trả lời
Được đăng

Hope your problem is solved now.

Hope your problem is solved now.

Được chỉnh sửa bởi CrazySoul vào