How can I add sites to a trusted list?
All of a sudden I can no longer access our projectors; I am getting:
An error occurred during a connection to 172.16.1.102. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
This is on our local intranet and I do not care if the key is outdated or not.
Can anything be done?
Thank you,
Mark D. Budnick
All Replies (3)
Firefox 39 includes a fix for the Logjam vulnerability and has disabled cipher suites that are involved with the Logjam attack.
- security.ssl3.dhe_rsa_aes_128_sha
- security.ssl3.dhe_rsa_aes_256_sha
Logjam: How Diffie-Hellman Fails in Practice:
Note that there is no trusted list in Firefox. It is all or nothing, so if you enable the involved cipher suites then you will make yourself vulnerable, so proceed with caution and consider a second profile with the cipher suites enabled instead of enabling them in your current profile.
I'm not sure whether it was clear what you should do now based on the above replies. Or maybe that solved your problem and you didn't have time to confirm here. So at the risk of duplication...
Your projector's embedded web server, or an actual web server managing the interface, is trying to connect using an obsolete encryption cipher which is vulnerable to the Logjam attack that was in the news earlier this year.
What does that mean?
Even though you trust the device/server, a "Logjam" attack compromises the security of your individual connection to the server, lowering the protection normally provided by SSL to a level that is easily cracked and read by others on the network. That is why Firefox protects you from making this connection.
Now... with an internal device/server, this may not seem like much of a concern but if your network does have an intruder, this attack would allow them to read your login for the device/server, which could lead to other problems.
What can you do now?
The very best solution is to update the embedded/front-end web server. As an immediate workaround, you can try disabling these old ciphers in your Firefox, which hopefully will force the device/server to try some more secure ciphers when connecting with you. (This also helps with old servers on the web.) Here's how:
(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
(2) In the search box above the list, type or paste dhe and pause while the list is filtered.
(3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (disable Firefox from using this cipher)
(4) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (disable Firefox from using this cipher)
Then try the connection again; you might have to reload the page using Ctrl+Shift+r to bypass cached information.
Success?
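
Added example, not part of the original thread and not Mozilla code: a check of the kind behind ssl_error_weak_server_ephemeral_dh_key, parsing a captured Server Key Exchange message and measuring the size of the Diffie-Hellman prime the device offers. The 1024-bit threshold, the function names and the sample messages are assumptions constructed for illustration.

```python
import struct

MIN_DH_BITS = 1024  # assumed policy threshold, not a value from the thread


def parse_dhe_server_key_exchange(msg: bytes) -> dict:
    """Parse a DHE ServerKeyExchange (RFC 5246, 7.4.3): type 12, 3-byte
    length, then dh_p, dh_g, dh_Ys, each with a 2-byte length prefix."""
    if len(msg) < 4 or msg[0] != 12:
        raise ValueError("not a ServerKeyExchange handshake message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake message")
    fields, offset = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if offset + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from(">H", body, offset)
        offset += 2
        value = body[offset:offset + n]
        if n == 0 or len(value) != n:
            raise ValueError(f"bad {name} field")
        fields.append(int.from_bytes(value, "big"))
        offset += n
    # The signature that follows dh_Ys is not examined here.
    p, g, ys = fields
    return {"p_bits": p.bit_length(), "g": g, "ys": ys,
            "weak": p.bit_length() < MIN_DH_BITS}


def build_sample(p_bits: int) -> bytes:
    """Constructed message: p is an odd number of that size, not a real prime."""
    def vec(n: int) -> bytes:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return struct.pack(">H", len(raw)) + raw
    body = vec((1 << (p_bits - 1)) | 1) + vec(2) + vec(5)
    return bytes([12]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    for bits in (512, 2048):
        info = parse_dhe_server_key_exchange(build_sample(bits))
        print(bits, "weak" if info["weak"] else "ok")
```

Running the same check against each projector's handshake shows which devices still need a firmware or web server update.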