Server has a weak ephemeral Diffie-Hellman public key. How to bypass it?


Solution 1

The solution is:

Type in your browser (I tried in Iceweasel)

    about:config 

Search for

    security.ssl3.dhe_rsa_aes_128_sha 

    security.ssl3.dhe_rsa_aes_256_sha 

Set them both to false (just double click to set them to false or true).

That's it!

Solution 2

This solution worked for me:

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

The recent release (Sep. 1) of Chrome 45 contains the fix for the Logjam attack as detailed in https://weakdh.org, but it introduces this kind of problem.

I found it in this post

Solution 3

Quick hack to get around this issue (Mac OS X)

  • Run this on the command line to work around the issue while launching Chrome

Chrome:

    open /Applications/Google\ Chrome.app --args --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

Canary:

    open /Applications/Google\ Chrome\ Canary.app --args --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

For Firefox

  • Go to about:config
  • Search for security.ssl3.dhe_rsa_aes_128_sha and security.ssl3.dhe_rsa_aes_256_sha
  • Set them both to false.

NOTE: A permanent fix would be to update the DH key to a length > 1024.
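To confirm which DH group size the server is offering, and to verify the server-side fix named in the note above, the `Server Temp Key` line of `openssl s_client` output can be classified as follows. This is an added example, not part of the original answer; the function names, the `MIN_DH_BITS` default and the sample lines are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify the ephemeral key a TLS server offers, reading
# `openssl s_client` output on stdin. Prints one of:
#   weak-dh <bits> | ok-dh <bits> | not-dhe <type> | no-temp-key
# MIN_DH_BITS is this example's assumption (weakdh.org recommends 2048-bit groups).
MIN_DH_BITS="${MIN_DH_BITS:-2048}"

classify_temp_key() {
    # OpenSSL 1.0.2+ prints e.g. "Server Temp Key: DH, 1024 bits"
    tk_line=$(grep -m1 '^Server Temp Key:' || true)
    if [ -z "$tk_line" ]; then
        echo "no-temp-key"    # static RSA key exchange, failed handshake, or old openssl
        return 0
    fi
    tk_kind=$(printf '%s\n' "$tk_line" | sed -E 's/^Server Temp Key: *([^,]+),.*/\1/')
    tk_bits=$(printf '%s\n' "$tk_line" | sed -E 's/.*[, ]([0-9]+) bits.*/\1/')
    case "$tk_bits" in
        ''|*[!0-9]*) echo "no-temp-key"; return 0 ;;   # size not parseable
    esac
    if [ "$tk_kind" != "DH" ]; then
        echo "not-dhe $tk_kind"   # ECDH/X25519: finite-field DH size does not apply
    elif [ "$tk_bits" -lt "$MIN_DH_BITS" ]; then
        echo "weak-dh $tk_bits"
    else
        echo "ok-dh $tk_bits"
    fi
}

# Live check: forces TLS 1.2 and DHE suites so the server reveals its DH group size.
check_host() {  # usage: check_host <hostname> [port]
    openssl s_client -connect "$1:${2:-443}" -servername "$1" -tls1_2 -cipher 'DHE' \
        </dev/null 2>/dev/null | classify_temp_key
}

# Constructed s_client excerpts (not captured from any real server).
SAMPLE_WEAK=$(printf 'Peer signing digest: SHA512\nServer Temp Key: DH, 1024 bits\n---')
SAMPLE_OK=$(printf 'Peer signing digest: SHA256\nServer Temp Key: DH, 2048 bits\n---')
SAMPLE_ECDHE=$(printf 'Server Temp Key: ECDH, P-256, 256 bits\n---')
SAMPLE_RSA=$(printf 'New, TLSv1/SSLv3, Cipher is AES128-SHA\nServer public key is 2048 bit')

for s in "$SAMPLE_WEAK" "$SAMPLE_OK" "$SAMPLE_ECDHE" "$SAMPLE_RSA"; do
    printf '%s\n' "$s" | classify_temp_key
done
```

A `weak-dh` result matches the condition the browser error reports; after the server's DH parameters are regenerated the same check should report `ok-dh`.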

Solution 4

Use netsurf (netsurf aur) on that site. I am in the same boat as you. I am using Arch, and Chromium and Firefox both refuse to enter certain websites. Netsurf can do the job for me.

Solution 5

Are you by any chance on the Chrome development channel, or possibly the Beta channel? I know that the dev channel currently has some stricter rules on SSL keys, and Beta might as well. You might try getting the stable release from https://www.chromium.org/getting-involved/dev-channel and see if that runs without the error.

Author by

koras

Updated on January 28, 2020

Comments

  • koras over 4 years

    While I'm trying to visit a specific website (that one: https://login.uj.edu.pl) I'm getting ERR_INVALID_ARGUMENT error. Here is the problem: "Server has a weak ephemeral Diffie-Hellman public key". More about the issue there: https://productforums.google.com/forum/#!topic/chrome/o3vZD-Mg2Ic

    I know that it should be fixed by a webmaster but until it happens I have to access the page every day anyway. I found an extension to Firefox to avoid this error: https://addons.mozilla.org/en-us/firefox/addon/disable-dhe/

    Now I want to get rid of the error in Google Chrome (well, Chromium actually). Is there any possibility to make it work? It's my university's page and it can take years for the site administrator to fix that secure connection issue.

    What's strange is that the problem occurs in Linux only, in all the browsers. In Windows, Chrome-OS or Android there is nothing wrong. I know that using an insecure connection is wrong but in that case I have no choice.

    EDIT: I cannot accept any solution because the site I was trying to access changed its encryption to the right one. Now I can't test your solutions because the problem is already solved by site admins.

    • nealmcb almost 9 years
      This question is off-topic here, but well suited for the browser-ninjas at superuser.com
  • koras about 9 years
    I'm on Arch Linux so I have this: archlinux.org/packages/?name=chromium . It's stable, just a built binary. It's strange.
  • Count almost 9 years
    This works fine, but on restart the problem arises again. Is there a permanent fix too?
  • Farrukh Chishti almost 9 years
    This works only in Firefox. In Chrome it says, "the web page is not available"
  • anderas almost 9 years
    The question asked about client-side solutions, not server-side ones!
  • Admin almost 9 years
    My problem is fixed after changing at the server side, and I didn't see anywhere that this is asked for the client side. This issue we are getting in the browser does mean we have to fix on the client side only.
  • r5d almost 9 years
    This is not an answer.
  • anderas almost 9 years
    The question asked about connecting to a badly configured server with chromium. This is a client-side problem! (Also, tomcat was mentioned nowhere in the question.)
  • vasa over 8 years
    @QualtarDemix Check stackoverflow.com/a/32486388/1672655 for Chrome/Firefox fix.
  • samwyse over 8 years
    I right-clicked on the Chrome icon and chose Properties. In the Target field, append this: --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013
  • Farrukh Chishti over 8 years
    Getting error: 'open' is not recognized as an internal or external command, operable program or batch file.
  • Farrukh Chishti over 8 years
    On trying that solution I am getting an error: 'open' is not recognized as an internal or external command, operable program or batch file.
  • vitaut over 8 years
    This should probably be a comment on Duccio Fabbri's answer because it doesn't add anything useful.
  • bharatpatel over 8 years
    I added the why, that how anybody can use it. By Duccio Fabbri I got the way, and after that I found how to do that; that's why I added it as an answer. The ultimate goal for this is USE of the answer. @vitaut