How to disable weak ephemeral Diffie-Hellman public key error
-
charlieb3 last edited by
I agree with vikont - There needs to be a way for the user to make the choice whether to proceed or not. I'm an Instructor of Web Development at a local University and I can't get to the University web site using Opera - I can with every other browser, but not Opera! I certainly will tell all my students not to go near the Opera browser in my class if this isn't fixed.
-
jm4444 last edited by
If you post a link to a page that throws that error, someone here might be able to help (maybe).
-
vikont last edited by
Here you are: https://www.freephoneline.ca
Surprisingly enough, this site allows for a non-encrypted http connection (that's bad!), and Opera is perfectly OK with it...
-
leocg Moderator Volunteer last edited by
I don't think you will be able to disable the block: http://blogs.opera.com/security/2015/06/unjam-the-logjam/
-
slovardzen last edited by
This is very severe. Users should be able to choose what they want to do.
I was the only guy here at an industrial software company that was a defender for Opera. Not anymore.
60% of the sites I am using to work are returning this message. I can't stay all day long copying and pasting the links from Opera to Chrome.
Unfortunately, I will stop using Opera. Hope the developers fix this issue asap.
-
markrcarterjdphd last edited by
Last week, I started getting the Diffie-Hellman error when logging into my online softphone. Opera was the only browser that correctly enabled the phone. I worked-around the problem by deleting browsing data. At first a day would work. Then, I had to delete a week, then a month. Now even a month won't work. I managed to login by opening a private window. That stopped working today.
-
blackbird71 last edited by
At root, this breaks down to a question of convenience versus security, which is an age old conflict. Ultimately, employing any degree of security protection inherently implies a corresponding degree of inconvenience. Some of those software makers who supply a communications portal for users believe they have an obligation to protect user security to the best degree possible, even if that means breaking communications paths for those link partners not employing up-to-date security protocols (and hence certificates). Because any user setting that allows the user to bypass a portal security protection opens up the possibility of exploitation, either directly or inadvertantly and either immediately or later on, some security-conscious software makers elect not to provide user bypass options for their built-in security protection elements. Opera is such a maker. Possibly Mozilla will be as well, depending on how they implement their DH fix.
One can argue endlessly about whether a software maker should protect a user from himself, or to what degree. Experienced users may indeed be wise enough to intelligently and carefully relax certain security settings for certain situations; but all too often, either those settings are neglected to be reversed thereafter or inexperienced users relax the settings just to make some favorite 'trivial' site work properly and never think to reverse them for sites where true security/privacy really matter.
In any case, the ultimate industry goal is that all websites and all browsers be upgraded to omit such evident https encryption and secure protocol weaknesses. One of the few practical ways to push that to happen is to migrate browser designs to become incompatible with weak encryption techniques, which in turn will deprive offending sites of visitors and deluge them with user complaints. Ultimately, those sites will have to update their servers and certs if they want to continue supplying https connections; otherwise, they will either drop back to the http level of protection they are in reality offering by weak encryption/protocols or go extinct.
One can elect to use a browser that still allows weak DH encryption for https connections, of course, and run the various risks entailed in keeping the connection private or exploit-free. But it's my belief that fewer such browsers will remain available for much longer.
-
Deleted User last edited by
This is utter horseshit. This error should absolutely appear by default to protect the average user, but to not even provide a means by which to bypass it is absurd. I am a network/systems administrator - I know exactly what the hell I'm doing, and if I want to run the risks associated with a weak security key when using my own computer, the browser had better get the fuck out of my way.
I have been recommending Opera to my end users for quite some time, and I had intended to make the switch from Chrome to Opera for all of my browsing and resource management needs, but at this point I refuse to support Opera in any way, if only out of principal. Back to Google's memory hogging BS, I guess. Opera is officially uninstalled from my machine, and I will start vehemently discouraging my end users from using it.
Bye, Felicia.
-
vikont last edited by
Oops! Looks like Firefox will be going this way at the end of June. See:
https://addons.mozilla.org/en-us/firefox/addon/disable-dhe/My Firefox is at version 38.0.5, and I can still connect to Freephoneline.ca site normally. But I still cannot connect with Opera.
Opera is trying to be a nanny-browser when no one asks it to. Logjam is not an easy exploit to, well, exploit, and it's not like I'm trying to connect to a compromised banking site. With this enforcement policy, Opera found a way to drive its single-digit market share even lower.
Every good security policy states that at the end of the day security should be in the hands of customers. The product must provide all the tools to enable "perfect" security and flag all known issues, but it must be up to the end user to make the ultimate decision whether to take a perceived risk.
-
zrqmlao last edited by
Totally unacceptable! I need to access a school site to take a quiz and opera is blocking my login. Warning is acceptable but not allowing me to connect to a known site is an unwarranted intrusion.
-
cibron last edited by
It's ridiculous. To implement the things people don't ask, as ignore real necessary requests (or even omit them).
I can't access https websites even in local network.
There always must be a choice for every security issues, e.g. for developers.I was using and recommending Opera since 2003, once was Opera Campus Crew evangelist, but sorry, can't go anymore with browser stubborn on dumb inflexibility.
-
lando242 last edited by
I can't access https websites even in local network.
Sounds to me like you have Turbo enabled.
-
msubulldog last edited by
Whenever I try contacting support for www.tutor.com, I get that message. But when I use another browser like Google Chrome for the same site, everything is OK.
-
iwashereonce last edited by
I have also had this issue on my Galaxy S5. My Galaxy S4 gave me the option to continue and the 5 won't. I also was a network administer so it's really frustrating. I had to sites that I needed to get access to and I found an internet that allows you to. I hope this helps you all out. Download the Dolphin browser and no more headaches.
-
A Former User last edited by
Oops! Looks like Firefox will be going this way at the end of June. See:
https://addons.mozilla.org/en-us/firefox/addon/disable-dhe/My Firefox is at version 38.0.5, and I can still connect to Freephoneline.ca site normally. But I still cannot connect with Opera.
Opera is trying to be a nanny-browser when no one asks it to. Logjam is not an easy exploit to, well, exploit, and it's not like I'm trying to connect to a compromised banking site. With this enforcement policy, Opera found a way to drive its single-digit market share even lower.
Every good security policy states that at the end of the day security should be in the hands of customers. The product must provide all the tools to enable "perfect" security and flag all known issues, but it must be up to the end user to make the ultimate decision whether to take a perceived risk.I have no problem connecting freephone.ca using the latest stable version of Opera (33)looks like they may have fixed the problem