So I am using Google Chrome these days and I have a CISCO small business router.

Today, as I wanted to check something on that router and tried to connect to it from Chrome, I was confronted with an error message:

Server has a weak ephemeral Diffie-Hellman public key

Most annoyingly, there was no option to override; Chrome just refused to connect to the device.

I understand why they are doing it, but the lack of an override is a major annoyance. What were they thinking? Indeed, a quick search led me to an online product forum where dozens, if not hundreds (mostly people managing intranets, IP telephony devices and other devices with embedded Web servers using SSL) were complaining.

Thankfully, the same site showed a simple workaround that works so long as you start Chrome with a desktop/taskbar shortcut. Just edit the shortcut and add the following command line option to the command name:

 --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

Then, restart Chrome. It works like a charm for me for now. I dare not ask exactly what the security consequences are of using this option though.