Webflow uses Let’s Encrypt to generate SSL certs, and that is great; however, there is an issue with the configuration of the Webflow servers hosting the certificate/site. The device (server, load balancer, whatever it is) that terminates SSL in the Webflow environment needs to be updated to remove the older, less secure DH key.
I’ve sent an email to support and got a pretty weak response from support:
"I spoke with our CTO to confirm, and this shouldn’t affect your site’s security. If you are curious to know the technical details you can visit https://letsencrypt.org/. We go through this company for our SSL certifications and they can provide more information around this than we can."
Here is a screenshot of the “B” Grade that ALL Webflow sites using SSL will get because Webflow’s server supports weak Diffie-Hellman key exchange parameters:
This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.
More information about this and the possible security problems it poses:
A guide for webflow to fix the issue:
My reason for posting this is so that others who care about security can make some noise and force Webflow to update their server settings so we can all be up to date and not vulnerable.