Users will receive an error when trying to access web servers that use weak Diffie-Hellman key exchange with weak keys Credit: Mozilla To protect users from cryptographic attacks that can compromise secure web connections, the popular Firefox browser will block access to HTTPS servers that use weak Diffie-Hellman keys.Diffie-Hellman is a key exchange protocol that is slowly replacing the widely used RSA key agreement for the TLS (Transport Layer Security) protocol. Unlike RSA, Diffie-Hellman can be used with TLS’s ephemeral modes, which provide forward secrecy — a property that prevents the decryption of previously captured traffic if the key is cracked at a later time.However, in May 2015 a team of researchers devised a downgrade attack that could compromise the encryption connection between browsers and servers if those servers supported DHE_EXPORT, a version of Diffie-Hellman key exchange imposed on exported cryptographic systems by the U.S. National Security Agency in the 1990s and which limited the key size to 512 bits. In May 2015 around 7 percent of websites on the internet were vulnerable to the attack, which was dubbed LogJam.“In response to recent developments attacking Diffie-Hellman key exchange and to protect the privacy of Firefox users, we have increased the minimum key size for TLS handshakes using Diffie-Hellman key exchange to 1023 bits,” David Keeler, a Mozilla security engineer, said in a blog post Friday. A small number of servers are still not configured to use strong enough keys and Firefox users trying to access them will receive an error called “ssl_error_weak_server_ephemeral_dh_key,” Keeler said.According to a recent survey of the top 140,000 HTTPS websites on the internet by traffic, around 5 percent of them used keys smaller than 1024 bits. The currently recommended size is 2048 bits and over 67 percent of these sites conform to that. Related content news CISOs are struggling to get cybersecurity budgets: Report In the latter part of Q4 2022, many CISOs reported that their approved 2023 budgets were being slashed as part of an overall budget tightening. By Shweta Sharma Sep 26, 2023 4 mins Budget Budget Pricing opinion Preparing for the post-quantum cryptography environment today It’s a mistake to put off the creation of precautions against quantum threats, no matter how far in the future you might think quantum computing will become a reality. By Christopher Burgess Sep 26, 2023 5 mins CSO and CISO Encryption Threat and Vulnerability Management feature What is WorldCoin's proof-of-personhood system? What does the blockchain, AI, and custom hardware system featuring a shiny, eye-scanning orb mean for the future of identity access management? By Matthew Tyson Sep 26, 2023 12 mins Cryptocurrency Authentication Identity Management Solutions news analysis DHS unveils one common platform for reporting cyber incidents Ahead of CISA cyber incident reporting regulations, DHS issued a report on harmonizing 52 cyber incident reporting requirements, presenting a model common reporting platform that could encompass them all. By Cynthia Brumfield Sep 25, 2023 10 mins Regulation Government Incident Response Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe