Firefox blocks websites with vulnerable encryption keys - endothervitur

Mozilla

To protect users from cryptographic attacks that lavatory compromise secure web connections, the popular Firefox browser wish block access to HTTPS servers that use limp Diffie-Hellman keys.

Diffie-Hellman is a key exchange communications protocol that is slowly replacing the widely used RSA key agreement for the TLS (Transport Layer Security) protocol. Unlike RSA, Diffie-Hellman can comprise used with TLS's ephemeral modes, which put up forward secrecy — a property that prevents the decryption of antecedently captured traffic if the key is barmy at a later time.

However, in May 2015 a team of researchers devised a downgrade attack that could compromise the encryption connection between browsers and servers if those servers supported DHE_EXPORT, a version of Diffie-Hellman Key exchange obligatory on exported cryptographic systems by the U.S. National Security Agency in the 1990s and which limited the distinguish size to 512 bits. In May 2015 around 7 percent of websites on the net were vulnerable to the attack, which was dubbed LogJam.

"In response to recent developments attacking Diffie-Hellman key fruit exchange and to protect the privacy of Firefox users, we have accumulated the minimum key size for TLS handshakes using Diffie-Hellman paint exchange to 1023 bits," David Keeler, a Mozilla security engineer, aforesaid in a blog post Friday.

A bitty number of servers are still not configured to use strong enough keys and Firefox users trying to access them will receive an error called "ssl_error_weak_server_ephemeral_dh_key," Keeler said.

Accordant to a recent survey of the top 140,000 HTTPS websites on the cyberspace by traffic, or so 5 percent of them used keys smaller than 1024 bits. The currently recommended sized is 2048 bits and over 67 pct of these sites conform to that.

Bill: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link insurance policy for more inside information.