Tech Info 173: Firefox 39 or newer – HTTPS connections may not work with WebShare

HELIOS Tech Info #173

Wed, 19 Augst 2015

Firefox 39 or newer – HTTPS connections may not work with WebShare

We received customer reports that current Firefox (version 39 or newer) does no longer allow connections to a WebShare server using the HTTPS protocol. The reason is the dropped support for short DHE keys as used by older Java releases.

From the Firefox release notes:

In order to prevent "Logjam" man-in-the-middle attacks, the lower length of the supported Ephemeral Diffie-Hellman (DHE) keys has been limited to 1023-bit. 512-bit export-grade cryptography is no longer available in the Mozilla products, and users may encounter the following error message on sites offering such a weak key:
SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

To fix this issue, the server needs to be upgraded to the latest Java version (Java 8) which does no longer offer such weak DHE key exchange.

For example, Firefox 40 does work using Java 1.8.0_51.