It appears that a secure connection cannot be established because of outdated security code on the website. In this case the Browser protects your privacy by preventing you from connecting to these sites.
In this case you can try the following options:

- Enable ECDHE and disable DHE (preferable)
- Use a 1024-bit (or larger) Diffie-Hellman group for the DHE_RSA SSL cipher suites
- Disable all DHE SSL cipher suites

You can find a reference guide on how to deploying Diffie-Hellman at: https://weakdh.org/sysadmin.html

The three steps are posted below from the web site:

''We have three recommendations for correctly deploying Diffie-Hellman for TLS:
1. Disable Export Cipher Suites. Even though modern browsers no longer support export suites, the FREAK and Logjam attacks allow a man-in-the-middle attacker to trick browsers into using export-grade cryptography, after which the TLS connection can be decrypted. Export ciphers are a remnant of 1990s-era policy that prevented strong cryptographic protocols from being exported from United States. No modern clients rely on export suites and there is little downside in disabling them.
2. Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE). Elliptic-Curve Diffie-Hellman (ECDH) key exchange avoids all known feasible cryptanalytic attacks, and modern web browsers now prefer ECDHE over the original, finite field, Diffie-Hellman. The discrete log algorithms we used to attack standard Diffie-Hellman groups do not gain as strong of an advantage from precomputation, and individual servers do not need to generate unique elliptic curves.
3. Use a Strong, Diffie Hellman Group. A few 1024-bit groups are used by millions of servers, which makes them an optimal target for precomputation, and potential eavesdropping. Administrators should use 2048-bit or stronger Diffie-Hellman groups with ''safe'' primes.

Steps (1) and (2) can be accomplished simultaneously by configuring your server to only use modern, secure cipher suites. ''