X
Nhấn vào đây để đến phiên bản di động của trang web.

Diễn đàn trợ giúp

After refreshing Firefox Beta 39.0, the browser will not open a website that opens in a new tab.

Được đăng

"SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem."

The page used to load in a new tab before I selected to Refresh Firefox. I cannot find out how to allow Firefox to open webpages in a new tab when selected from the tab in use.

"SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem." The page used to load in a new tab before I selected to Refresh Firefox. I cannot find out how to allow Firefox to open webpages in a new tab when selected from the tab in use.

Giải pháp được chọn

hi, this means that the webserver you're trying to reach is vulnerable to the recently published logjam vulnerability: http://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers/ please report that to webmaster of the site in question to fix that issue...

Đọc câu trả lời này trong ngữ cảnh 29

Chi tiết hệ thống bổ sung

Phần bổ trợ đã cài đặt

  • Adobe PDF Plug-In For Firefox and Netscape 11.0.11
  • Provides additional functionality on Facebook. See our web site for details.
  • Facebook Video Calling Plugin
  • GEPlugin
  • Google Update
  • The Hulu Desktop Plugin allows Hulu.com to integrate with the Hulu Desktop application.
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 11.31.2 for Mozilla browsers
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • Office Authorization plug-in for NPAPI browsers
  • Plug-in for Workspace utilities
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • Shockwave Flash 17.0 r0
  • Adobe Shockwave for Director Netscape plug-in, version 11.5
  • 5.1.40416.0
  • WinZip Courier Plugin for Mozilla Firefox
  • NPWLPG
  • Plug-in for Workspace Webmail
  • iTunes Detector Plug-in

Ứng dụng

  • Chuỗi đại diện người dùng: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

Thông tin chi tiết

philipp
  • Top 25 Contributor
  • Moderator
5306 giải pháp 23424 câu trả lời
Được đăng

Giải pháp được chọn

hi, this means that the webserver you're trying to reach is vulnerable to the recently published logjam vulnerability: http://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers/ please report that to webmaster of the site in question to fix that issue...

hi, this means that the webserver you're trying to reach is vulnerable to the recently published logjam vulnerability: http://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers/ please report that to webmaster of the site in question to fix that issue...
higherdestiny 0 giải pháp 1 câu trả lời
Được đăng

Câu trả lời hữu ích

Workaround for Firefox 39 and above:

1) In FireFox, enter "about:config" in the URL field and press enter. 2) Accept the "This might void your warranty!" warning :) 3) In the search field at the top, enter "security.ssl3.dhe_rsa_aes" 4) Double click each result (128 and 256) to toggle the Value to "false"

Now retry your site - it should work now. Remember to change these settings back when you're done.

Workaround for Firefox 39 and above: 1) In FireFox, enter "about:config" in the URL field and press enter. 2) Accept the "This might void your warranty!" warning :) 3) In the search field at the top, enter "security.ssl3.dhe_rsa_aes" 4) Double click each result (128 and 256) to toggle the Value to "false" Now retry your site - it should work now. Remember to change these settings back when you're done.
Peter 1 giải pháp 7 câu trả lời
Được đăng

Câu trả lời hữu ích

higherdestiny: lifesaver - thank you :)

higherdestiny: lifesaver - thank you :)
neo316 0 giải pháp 1 câu trả lời
Được đăng

@higherdestiny: Your solution worked but are there any cons to it?

Thanks

@higherdestiny: Your solution worked but are there any cons to it? Thanks
cor-el
  • Top 10 Contributor
  • Moderator
17473 giải pháp 157929 câu trả lời
Được đăng

By re-enabling these DHE cipher suites you will make yourself vulnerable to the Logjam attack.

By re-enabling these DHE cipher suites you will make yourself vulnerable to the Logjam attack. *https://developer.mozilla.org/en-US/Firefox/Releases/39/Site_Compatibility#Security
shashi_shas 0 giải pháp 4 câu trả lời
Được đăng

Except any other way to do this about:config ? i mean in programmatically

Except any other way to do this about:config ? i mean in programmatically
cor-el
  • Top 10 Contributor
  • Moderator
17473 giải pháp 157929 câu trả lời
Được đăng

You can only do that via the about:config page, but enabling these two cipher suites is not recommended. You should contact the website and ask them to upgrade their security.

Logjam: How Diffie-Hellman Fails in Practice:


Users of Firefox releases 38 and older can disable these cipher suites and toggle these prefs to false via this extension:

You can only do that via the <b>about:config</b> page, but enabling these two cipher suites is not recommended. You should contact the website and ask them to upgrade their security. Logjam: How Diffie-Hellman Fails in Practice: *https://weakdh.org/ ---- Users of Firefox releases 38 and older can disable these cipher suites and toggle these prefs to false via this extension: *Disable DHE: https://addons.mozilla.org/firefox/addon/disable-dhe/
Peter 1 giải pháp 7 câu trả lời
Được đăng

This is not always possible. In my case, the webpage is served by a legacy PCI raid card - I very much doubt the manufacturer will be doing any updates. My only option (if I want to carry on using Firefox!) is to drop the shields, inspect the raid status etc, then raise the shields again. I just hope there are no Klingons about!

Can anyone suggest any other solutions?

This is not always possible. In my case, the webpage is served by a legacy PCI raid card - I very much doubt the manufacturer will be doing any updates. My only option (if I want to carry on using Firefox!) is to drop the shields, inspect the raid status etc, then raise the shields again. I just hope there are no Klingons about! Can anyone suggest any other solutions?
rubone 0 giải pháp 1 câu trả lời
Được đăng

Thanks for help!

Thanks for help!

Được chỉnh sửa bởi rubone vào

derek500 0 giải pháp 3 câu trả lời
Được đăng

Peter said

This is not always possible. In my case, the webpage is served by a legacy PCI raid card - I very much doubt the manufacturer will be doing any updates. My only option (if I want to carry on using Firefox!) is to drop the shields, inspect the raid status etc, then raise the shields again. I just hope there are no Klingons about! Can anyone suggest any other solutions?

I would like to hear other suggestions for this as well. I have a couple of internal sites. I used to be able to create an exception for _that_ specific site, without disabling all security, after accepting a number of warnings etc. Now I have to use a different browser.

''Peter [[#answer-751156|said]]'' <blockquote> This is not always possible. In my case, the webpage is served by a legacy PCI raid card - I very much doubt the manufacturer will be doing any updates. My only option (if I want to carry on using Firefox!) is to drop the shields, inspect the raid status etc, then raise the shields again. I just hope there are no Klingons about! Can anyone suggest any other solutions? </blockquote> I would like to hear other suggestions for this as well. I have a couple of internal sites. I used to be able to create an exception for _that_ specific site, without disabling all security, after accepting a number of warnings etc. Now I have to use a different browser.