34 comments

[ 2.7 ms ] story [ 85.4 ms ] thread
...I didn't think that one through.
Well... nobody can say the title is misleading.
Firefox says

SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.

(Error code: ssl_error_weak_server_ephemeral_dh_key)
Both links and wget don't complain though.
Anyone explain what it does to chrome?

I'm using chrome on android, and it doesn't crash and the lock icon info doesn't show anything that jumps out as wrong.. ?

It didn't crash Chrome for me, but that's because I was using an out of date version.
I didn't try it in Chrome, but in Firefox I get the following. Is that right?

Secure Connection Failed

An error occurred during a connection to demo.cmrg.net. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
IE11 gives a page can't be displayed. Investigating console reveals "code on this page disabled back and forward caching".
Flagged. That's pretty annoying reirob; I assumed that would be a link to an article about the URL, since just crashing my browser was obviously a bad thing to do.

Question to downvoters: You don't ever click down the list of Hacker News submissions without thinking too hard first, or you don't think crashing my browser (and losing any state I had in them) is annoying?

Well, I have got it from Fefe's blog [1] directly as the link. I tried it out before submitting, i.e. I opened a Chromium browser and put the link. The title says what it does - I do not think it is link bait. And Fefe's blog gives as explanation (rough translation from German): The TLS handshake of this site kills Chrome browser.

I too want to know what goes on and I actually think that HN IS the place to submit this kind of bugs.

You shouldn't be using an insecure browser such as Google Chrome in the first place.
I'm not entirely sure what I expected when I clicked this.
Crashed Chromium 33.0.1750.117 x86_64 built on Gentoo.
Fell for it. I see what you did there...
I thought the process-per-tab thing was meant to stop this sort of thing from taking the whole browser down.
That helps when the website code itself is malicious/broken. This crash is due a bug in the underlying TLS code itself. I don't think TLS is sandboxed or separated-per-tab, nor should it expectedly be.
Stop posting a direct link that crashes the whole web browser, that is down right malicious!

It's some sort of regression and a patch is already in review: https://codereview.chromium.org/178003011/

Stop karma whoring with this irresponsible shit.

(comment deleted)
Opera 12 shows a big warning dialog warning the user that the site uses outdated and unsafe encryption.
It didn't crash Chromium for me. Arch Linux, Chromium 28.
Seems like a regression in the latest (33).
Crashed Chrome Version 33.0.1750.146 m on Windows 8.0.
Btw. it didn't just crash the sandbox.