Navigation

    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Users
    • Groups
    • Rules
    • Help

    Do more on the web, with a fast and secure browser!

    Download Opera browser with:

    • built-in ad blocker
    • battery saver
    • free VPN
    Download Opera

    How to disable weak ephemeral Diffie-Hellman public key error

    Opera for Windows
    15
    19
    4537
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • vikont
      vikont last edited by

      Starting in Opera 30, Opera prevents the HTTPS connection to servers with the D-H group lower than 1024 bits (susceptible to "logjam" attacks). When attempted to connect, you receive this message:

      "Server has a weak ephemeral Diffie-Hellman public key.
      This error can occur when connecting to a secure (HTTPS) server. It means that the server is trying to set up a secure connection but, due to a disastrous misconfiguration, the connection wouldn't be secure at all!
      In this case the server needs to be fixed. Opera won't use insecure connections in order to protect your privacy."

      This is nice, but there needs to be a way (via developers flags, for example) to disable the enforcement. I am aware of weakened security for some sites but need to connect to them anyways - locking the users out is not a solution because we do not control the server settings! Warning is fine, but locking out is unacceptable - besides, on some sites I may not even care that much about perfect security in the first place.

      Is there a workaround solution to get around this - short of downgrading to Opera 29, or using other browsers, ALL of which still allow the connections (at least for now)?

      Reply Quote 0
        1 Reply Last reply
      • leocg
        leocg Moderator Volunteer last edited by

        Not that I know.

        Reply Quote 0
          1 Reply Last reply
        • charlieb3
          charlieb3 last edited by

          I agree with vikont - There needs to be a way for the user to make the choice whether to proceed or not. I'm an Instructor of Web Development at a local University and I can't get to the University web site using Opera - I can with every other browser, but not Opera! I certainly will tell all my students not to go near the Opera browser in my class if this isn't fixed.

          Reply Quote 0
            1 Reply Last reply
          • jm4444
            jm4444 last edited by

            If you post a link to a page that throws that error, someone here might be able to help (maybe).

            Reply Quote 0
              1 Reply Last reply
            • vikont
              vikont last edited by

              Here you are: https://www.freephoneline.ca

              Surprisingly enough, this site allows for a non-encrypted http connection (that's bad!), and Opera is perfectly OK with it...

              Reply Quote 0
                1 Reply Last reply
              • leocg
                leocg Moderator Volunteer last edited by

                I don't think you will be able to disable the block: http://blogs.opera.com/security/2015/06/unjam-the-logjam/

                Reply Quote 0
                  1 Reply Last reply
                • slovardzen
                  slovardzen last edited by

                  This is very severe. Users should be able to choose what they want to do.

                  I was the only guy here at an industrial software company that was a defender for Opera. Not anymore.

                  60% of the sites I am using to work are returning this message. I can't stay all day long copying and pasting the links from Opera to Chrome.

                  Unfortunately, I will stop using Opera. Hope the developers fix this issue asap.

                  Reply Quote 0
                    1 Reply Last reply
                  • jm4444
                    jm4444 last edited by

                    Oops! Looks like Firefox will be going this way at the end of June. See:

                    https://addons.mozilla.org/en-us/firefox/addon/disable-dhe/

                    Reply Quote 0
                      1 Reply Last reply
                    • markrcarterjdphd
                      markrcarterjdphd last edited by

                      Last week, I started getting the Diffie-Hellman error when logging into my online softphone. Opera was the only browser that correctly enabled the phone. I worked-around the problem by deleting browsing data. At first a day would work. Then, I had to delete a week, then a month. Now even a month won't work. I managed to login by opening a private window. That stopped working today.

                      Reply Quote 0
                        1 Reply Last reply
                      • blackbird71
                        blackbird71 last edited by

                        At root, this breaks down to a question of convenience versus security, which is an age old conflict. Ultimately, employing any degree of security protection inherently implies a corresponding degree of inconvenience. Some of those software makers who supply a communications portal for users believe they have an obligation to protect user security to the best degree possible, even if that means breaking communications paths for those link partners not employing up-to-date security protocols (and hence certificates). Because any user setting that allows the user to bypass a portal security protection opens up the possibility of exploitation, either directly or inadvertantly and either immediately or later on, some security-conscious software makers elect not to provide user bypass options for their built-in security protection elements. Opera is such a maker. Possibly Mozilla will be as well, depending on how they implement their DH fix.

                        One can argue endlessly about whether a software maker should protect a user from himself, or to what degree. Experienced users may indeed be wise enough to intelligently and carefully relax certain security settings for certain situations; but all too often, either those settings are neglected to be reversed thereafter or inexperienced users relax the settings just to make some favorite 'trivial' site work properly and never think to reverse them for sites where true security/privacy really matter.

                        In any case, the ultimate industry goal is that all websites and all browsers be upgraded to omit such evident https encryption and secure protocol weaknesses. One of the few practical ways to push that to happen is to migrate browser designs to become incompatible with weak encryption techniques, which in turn will deprive offending sites of visitors and deluge them with user complaints. Ultimately, those sites will have to update their servers and certs if they want to continue supplying https connections; otherwise, they will either drop back to the http level of protection they are in reality offering by weak encryption/protocols or go extinct.

                        One can elect to use a browser that still allows weak DH encryption for https connections, of course, and run the various risks entailed in keeping the connection private or exploit-free. But it's my belief that fewer such browsers will remain available for much longer.

                        Reply Quote 0
                          1 Reply Last reply
                        • Deleted User
                          Deleted User last edited by

                          This is utter horseshit. This error should absolutely appear by default to protect the average user, but to not even provide a means by which to bypass it is absurd. I am a network/systems administrator - I know exactly what the hell I'm doing, and if I want to run the risks associated with a weak security key when using my own computer, the browser had better get the fuck out of my way.

                          I have been recommending Opera to my end users for quite some time, and I had intended to make the switch from Chrome to Opera for all of my browsing and resource management needs, but at this point I refuse to support Opera in any way, if only out of principal. Back to Google's memory hogging BS, I guess. Opera is officially uninstalled from my machine, and I will start vehemently discouraging my end users from using it.

                          Bye, Felicia.

                          Reply Quote 0
                            1 Reply Last reply
                          • vikont
                            vikont last edited by

                            Oops! Looks like Firefox will be going this way at the end of June. See:
                            https://addons.mozilla.org/en-us/firefox/addon/disable-dhe/

                            My Firefox is at version 38.0.5, and I can still connect to Freephoneline.ca site normally. But I still cannot connect with Opera.

                            Opera is trying to be a nanny-browser when no one asks it to. Logjam is not an easy exploit to, well, exploit, and it's not like I'm trying to connect to a compromised banking site. With this enforcement policy, Opera found a way to drive its single-digit market share even lower.

                            Every good security policy states that at the end of the day security should be in the hands of customers. The product must provide all the tools to enable "perfect" security and flag all known issues, but it must be up to the end user to make the ultimate decision whether to take a perceived risk.

                            Reply Quote 0
                              1 Reply Last reply
                            • zrqmlao
                              zrqmlao last edited by

                              Totally unacceptable! I need to access a school site to take a quiz and opera is blocking my login. Warning is acceptable but not allowing me to connect to a known site is an unwarranted intrusion.

                              Reply Quote 0
                                1 Reply Last reply
                              • byakuichi
                                byakuichi last edited by

                                Firefox 39 do the same now.

                                Reply Quote 0
                                  1 Reply Last reply
                                • cibron
                                  cibron last edited by

                                  It's ridiculous. To implement the things people don't ask, as ignore real necessary requests (or even omit them).
                                  I can't access https websites even in local network.
                                  There always must be a choice for every security issues, e.g. for developers.

                                  I was using and recommending Opera since 2003, once was Opera Campus Crew evangelist, but sorry, can't go anymore with browser stubborn on dumb inflexibility.

                                  Reply Quote 0
                                    1 Reply Last reply
                                  • lando242
                                    lando242 last edited by

                                    I can't access https websites even in local network.

                                    Sounds to me like you have Turbo enabled.

                                    Reply Quote 0
                                      1 Reply Last reply
                                    • msubulldog
                                      msubulldog last edited by

                                      Whenever I try contacting support for www.tutor.com, I get that message. But when I use another browser like Google Chrome for the same site, everything is OK.

                                      Reply Quote 0
                                        1 Reply Last reply
                                      • iwashereonce
                                        iwashereonce last edited by

                                        I have also had this issue on my Galaxy S5. My Galaxy S4 gave me the option to continue and the 5 won't. I also was a network administer so it's really frustrating. I had to sites that I needed to get access to and I found an internet that allows you to. I hope this helps you all out. Download the Dolphin browser and no more headaches.

                                        Reply Quote 0
                                          1 Reply Last reply
                                        • athlonite
                                          athlonite last edited by

                                          Oops! Looks like Firefox will be going this way at the end of June. See:
                                          https://addons.mozilla.org/en-us/firefox/addon/disable-dhe/

                                          My Firefox is at version 38.0.5, and I can still connect to Freephoneline.ca site normally. But I still cannot connect with Opera.
                                          Opera is trying to be a nanny-browser when no one asks it to. Logjam is not an easy exploit to, well, exploit, and it's not like I'm trying to connect to a compromised banking site. With this enforcement policy, Opera found a way to drive its single-digit market share even lower.
                                          Every good security policy states that at the end of the day security should be in the hands of customers. The product must provide all the tools to enable "perfect" security and flag all known issues, but it must be up to the end user to make the ultimate decision whether to take a perceived risk.

                                          I have no problem connecting freephone.ca using the latest stable version of Opera (33)looks like they may have fixed the problem

                                          Reply Quote 0
                                            1 Reply Last reply
                                          • First post
                                            Last post

                                          Computer browsers

                                          • Opera for Windows
                                          • Opera for Mac
                                          • Opera for Linux
                                          • Opera beta version
                                          • Opera USB

                                          Mobile browsers

                                          • Opera for Android
                                          • Opera Mini
                                          • Opera Touch
                                          • Opera for basic phones

                                          • Add-ons
                                          • Opera account
                                          • Wallpapers
                                          • Opera Ads

                                          • Help & support
                                          • Opera blogs
                                          • Opera forums
                                          • Dev.Opera

                                          • Security
                                          • Privacy
                                          • Cookies Policy
                                          • EULA
                                          • Terms of Service

                                          • About Opera
                                          • Press info
                                          • Jobs
                                          • Investors
                                          • Become a partner
                                          • Contact us

                                          Follow Opera

                                          • Opera - Facebook
                                          • Opera - Twitter
                                          • Opera - YouTube
                                          • Opera - LinkedIn
                                          • Opera - Instagram

                                          © Opera Software 1995-