To protect users from cryptographic attacks that can compromise secure web connections, the popular Firefox browser will block access to HTTPS servers that use weak Diffie-Hellman keys.
Diffie-Hellman is a key exchange protocol that is slowly replacing the widely used RSA key agreement for the TLS (Transport Layer Security) protocol. Unlike RSA, Diffie-Hellman can be used with TLS’s ephemeral modes, which provide forward secrecy — a property that prevents the decryption of previously captured traffic if the key is cracked at a later time.
However, in May 2015 a team of researchers devised a downgrade attack that could compromise the encryption connection between browsers and servers if those servers supported DHE_EXPORT, a version of Diffie-Hellman key exchange imposed on exported cryptographic systems by the U.S. National Security Agency in the 1990s and which limited the key size to 512 bits. In May 2015 around 7 percent of websites on the internet were vulnerable to the attack, which was dubbed LogJam.
“In response to recent developments attacking Diffie-Hellman key exchange and to protect the privacy of Firefox users, we have increased the minimum key size for TLS handshakes using Diffie-Hellman key exchange to 1023 bits,” David Keeler, a Mozilla security engineer, said in a blog post Friday.
A small number of servers are still not configured to use strong enough keys and Firefox users trying to access them will receive an error called “ssl_error_weak_server_ephemeral_dh_key,” Keeler said.
According to a recent survey of the top 140,000 HTTPS websites on the internet by traffic, around 5 percent of them used keys smaller than 1024 bits. The currently recommended size is 2048 bits and over 67 percent of these sites conform to that.