Mitigating Logjam: Enforcing Stronger Diffie-Hellman Key Exchange

In response to recent developments attacking Diffie-Hellman key exchange (https://weakdh.org/) and to protect the privacy of Firefox users, we have increased the minimum key size for TLS handshakes using Diffie-Hellman key exchange to 1023 bits. A small number of servers are not configured to use strong enough keys. If a user attempts to connect to such a server, they will encounter the error “ssl_error_weak_server_ephemeral_dh_key”.

Update 2016-10-03: this was accidentally re-published on September 30, 2016. There has been no change to the minimum accepted Diffie-Hellman key size since this mid-2015 announcement.