Tuesday, September 8, 2015

Chrome version 45 and weak Diffie-Hellman public key

You upgraded chrome.

It's important to understand changes being made to the browser before installing updates.

Chrome 45 blocks all https connections when the cipher suite is diffie-hellman and the DH keysize is < 1024 bits.






Solutions:

1.       Upgrade your web server to use 2048-it Diffie-Hellman group.

2.       Temporary solutions for Chrome
          
     - open CMD/DOS
      - Navigate to the directory where chrome.exe lives and then paste:   

chrome.exe --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

or 

                        "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013


More info for Weak Diffie-Hellman and the Logjam Attack:


No comments:

Post a Comment