Lily Wilson

Google Chrome DHE deprecation

Discussion created by Lily Wilson on Nov 20, 2015
Latest reply on Nov 21, 2015 by Adm Selec

Google Chrome is going to put DHE cipher suites behind a fallback, similar to what has been done with RC4: Issue 538690 - chromium - Investigate dropping DHE entirely - An open-source project to help move the web forward. - …


perhaps it's time to add some indication to test results that DHE is not as good as ECDHE.


if nothing else changes, this will at least make it more difficult for servers without ECDHE to get an A+... once the change makes its way into Chrome's stable channel and there's a reference browser that doesn't do DHE on the first handshake.


note: I won't notice this change in my personal browsing, because I've had DHE (and RC4 and AES 256) cipher suites completely disabled for months, with almost no problems. I've tried also disabling RSA key exchange, but that still breaks a depressingly large number of sites, most of which either don't support DHE or use ≤1024-bit DHE with common primes.