Fix: SSL_Error_Weak_Server_Ephemeral_Dh_Key
Several users are reportedly encountering the SSL_Error_Weak_Server_ephemeral_DH_key error when trying to access certain websites. The issue seems to be specific to the Firefox browser, although it is reported to occur with several different builds.
What is causing the SSL_Error_Weak_Server_ephemeral_Dh_key error to appear?
This error is commonly referred to as the Diffie Hellman error and is actually a well-known bug and compatibility issue. It occurs if Firefox actively blocks some ciphers and isn’t offered an alternative by UCCX. It might also be the case that the alternative offered is not accepted by Firefox.
Basically, the error message is saying that the site you’re trying to visit needs to bring its security certificate up to date so that visiting it does not leave you vulnerable to Logjam attacks.
Even if the problem is not on your side, you may still want to access that particular site and ignore the security warnings. You can do this quite easily (more on that below).
But first, let’s look at a couple of scenarios that will trigger this particular error message. We investigated this particular error message by looking at various user reports and the methods that they used to get the issue resolved. Based on what we gathered, there are several common factors that will lead to the appearance of this issue:
- Firefox bug – A well-known bug that has been around since Firefox 31 is known to trigger this particular error message. The issue has been addressed since then, but you might still come across it on older builds.
- A change in Firefox behavior – With Firefox 33, the browser was switched to a more strict libPKIX – you can no longer disable this library and fall back to the previous NSS code. This is the reason why you can circumvent the issue by clicking on “I Understand the Risks”.
- Key size used by the website is incompatible with Firefox – Another factor that might trigger the issue is the key size used by the website that you’re trying to visit. Starting with Firefox 33, the browser no longer supports key sizes that are less than 1024 bits.
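To confirm that a small server key really is the cause before changing any browser setting, the following added example (not part of the original article) classifies the "Server Temp Key" line printed by `openssl s_client` against the 1024-bit minimum cited above. The sample outputs are constructed and `HOST` is a placeholder.

```shell
#!/bin/sh
# Added example: classify the ephemeral key a server offered, using the
# "Server Temp Key" line that `openssl s_client` prints after a handshake.

MIN_DH_BITS=1024   # minimum DH key size the article cites for Firefox 33+

# stdin: s_client output. Prints "<type> <bits>", or nothing when the
# handshake used no ephemeral key (for example plain RSA key exchange).
temp_key() {
    sed -n 's/^Server Temp Key: \([A-Za-z0-9]*\),.* \([0-9][0-9]*\) bits$/\1 \2/p' |
        head -n 1
}

# stdin: s_client output. Prints one verdict line.
classify() {
    key=$(temp_key)
    kind=${key% *}
    bits=${key#* }
    if [ -z "$key" ]; then
        echo "no-ephemeral-key"
    elif [ "$kind" != "DH" ]; then
        echo "not-finite-field-dh:$kind"
    elif [ "$bits" -lt "$MIN_DH_BITS" ]; then
        echo "weak-dh:$bits"
    else
        echo "ok-dh:$bits"
    fi
}

# Constructed sample outputs (not captured from any real server).
SAMPLE_WEAK='CONNECTED(00000003)
---
Server Temp Key: DH, 768 bits
---'
SAMPLE_OK='Server Temp Key: DH, 2048 bits'
SAMPLE_ECDH='Server Temp Key: ECDH, P-256, 256 bits'

for s in "$SAMPLE_WEAK" "$SAMPLE_OK" "$SAMPLE_ECDH" "no key line here"; do
    printf '%s\n' "$s" | classify
done

# Live check (HOST is a placeholder):
#   openssl s_client -connect HOST:443 -tls1_2 -cipher DHE </dev/null 2>/dev/null | classify
```

Only a `weak-dh` verdict matches the condition this error describes; a recent OpenSSL build may also refuse a very small key on its own, which points to the same server-side cause.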
If you’re currently struggling to resolve this particular error message, this article will provide you with a list of verified troubleshooting steps. Below you have several methods that other users in a similar situation have used to get the issue resolved.
For the best results, follow the methods below in the order that they are presented until you discover a fix that is effective in circumventing the issue in your particular scenario.
Method 1: Update Firefox to the latest version
Let’s start by making sure that your Firefox is updated to the latest version. Making sure that you’re running the latest version available will eliminate the possibility of this error occurring due to a bug.
Several affected users have reported that for them the issue has been resolved after they updated the browser to the latest build. Here’s a quick guide on how to do this:
- Open Firefox and click the action button in the top-right corner. Then, go to Help and click on About Firefox.
- In the About Mozilla Firefox window, click on Restart to update Firefox and wait until the process is complete. If prompted by the Firefox Updater UAC (User Account Control), choose Yes to grant admin privileges.
- Once Firefox is restarted, visit the same website that was previously giving you troubles and see if you’re still encountering the same error message.
If you’re still seeing the SSL_Error_Weak_Server_ephemeral_DH_key error, move down to the next method below.
Method 2: Substituting the insecure fallback host
Most of the users encountering the SSL_Error_Weak_Server_ephemeral_DH_key error have managed to get the issue resolved by entering the hidden Firefox config menu and setting the security.tls.insecure_fallback_hosts string to the domain that is showing the error message.
Here’s a quick guide on how to do this:
- Open Firefox, type “about:config” in the navigation bar and press Enter.
- When the “This might void your warranty!” screen pops up, click on I accept the risk!.
- Once you arrive in the config menu, paste “security.tls.insecure_fallback_hosts” in the search bar and press Enter to locate the string that we need to modify.
- Once you locate it, double-click on it to open its associated dialog box. Inside the Enter string value box, type or paste the domain that you experience the error message with and hit Ok.
- Restart Firefox and see if you’re still encountering the same error message.
If you’re still encountering the same error message, move down to the next method below.
Method 3: Enabling SSL3 preferences
Several users managed to resolve the Secure Connection Failed (ssl_error_weak_server_ephemeral_dh_key) error by enabling a couple of preferences from the about:config menu.
This particular fix was reportedly effective for a lot of users that were unable to access their router due to this particular error message. Here’s a quick guide on enabling the SSL3 preferences:
- Open Firefox, type about:config in the navigation bar and press Enter to open the hidden Config menu.
- When the “This might void your warranty!” screen pops up, click on I accept the risk!.
- Inside the Config menu, use the search function to find the following boolean entry:
security.ssl3.dhe_rsa_aes_128_sha
- If the value of this boolean is not set to False, double-click on it to set it to False.
- Use the same search function to search for the second boolean entry:
security.ssl3.dhe_rsa_aes_256_sha
- Same as before, if the value is true, double-click on it to set it to False.
- Once the two modifications have been completed, restart Firefox and see if the error message has been resolved at the next startup.
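Because the changes from Methods 2 and 3 stay in the profile after the site is fixed, the following added example (not part of the original article) lists which of those overrides are present in a Firefox prefs.js so they can be reviewed and reverted. It assumes the usual `user_pref("name", value);` line format; the sample file and hostnames are constructed.

```shell
#!/bin/sh
# Added example: list the TLS overrides from Methods 2 and 3 that are
# present in a Firefox prefs.js. Assumes one user_pref(...) per line.

# stdin: prefs.js. Prints one exempted host per line.
fallback_hosts() {
    sed -n 's/^user_pref("security\.tls\.insecure_fallback_hosts", *"\([^"]*\)");.*$/\1/p' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//; /^$/d'
}

# stdin: prefs.js. Prints "name=value" for each user-set DHE cipher pref.
changed_dhe_prefs() {
    sed -n 's/^user_pref("\(security\.ssl3\.dhe_rsa_aes_[0-9]*_sha\)", *\([a-z]*\));.*$/\1=\2/p'
}

# stdin: prefs.js. Prints one labelled line per override found.
audit_prefs() {
    prefs=$(cat)
    printf '%s\n' "$prefs" | fallback_hosts | sed 's/^/fallback-host: /'
    printf '%s\n' "$prefs" | changed_dhe_prefs | sed 's/^/cipher-pref: /'
}

# Constructed sample prefs.js content (hostnames are made up).
SAMPLE_PREFS='user_pref("browser.startup.page", 3);
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
user_pref("security.ssl3.dhe_rsa_aes_256_sha", false);
user_pref("security.tls.insecure_fallback_hosts", "router.example, intranet.example");'

printf '%s\n' "$SAMPLE_PREFS" | audit_prefs

# Against a real profile (path is a placeholder):
#   audit_prefs < /path/to/profile/prefs.js
```

Each `fallback-host` line is a site for which Firefox has been told to accept a weaker connection, so the list is worth clearing once the server has been reconfigured.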