New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 614356 link

Starred by 1 user
Status: Assigned
Owner:
awhalley@chromium.org
Cc:
davidben@chromium.org
rnimmagadda@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 2
Type: Bug-Regression



Sign in to add a comment

https://qmstraining.dlss.com/default.aspx wont work on chrome but will on any other browser.

Reported by stayfly0...@gmail.com, May 24 2016 
Chrome Version       : 50.0.2661.102
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
URLs (if applicable) : https://qmstraining.dlss.com/default.aspx
Other browsers tested:
  Add OK or FAIL after other browsers where you have tested this issue:
     Safari 5: OK
  Firefox 4.x: OK
     IE 7/8/9: OK

What steps will reproduce the problem?
1. Just trying to load page
2.
3.

What is the expected result?
Work website

What happens instead of that?
Error page

Please provide any additional information below. Attach a screenshot if
possible.

UserAgentString: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36

Comment 1 by rnimmagadda@chromium.org, May 25 2016

Cc: rnimmagadda@chromium.org
Components: Internals>Network>SSL
Labels: -Type-Bug -Pri-3 M-51 OS-Linux OS-Mac Pri-2 Type-Bug-Regression
Owner: davidben@chromium.org
Status: Assigned (was: Unconfirmed)
====================================

Good Build:

50.0.2633.0    Base Position: 371964


Bad Build:

51.0.2662.0    Base Position: 378134

=====================================

Able to repro this issue on Windows 7, MAC (10.11.4) & Ubuntu Trusty (14.04) for the Google Chrome Stable Version - 50.0.2661.102

This is a regression issue broken in M50, below mentioned is the bisect info:

CHANGELOG URL: https://chromium.googlesource.com/chromium/src/+log/6904b50eb105956b954279f9632f680251e41aa7..e6d77d6c9061e9e57bf5dddb27769010d5a3592b

Suspecting Commit: 3b26751ff0ac3ca5d1377616b55d0284673dc232

Review URL: https://codereview.chromium.org/1682623002

@davidben: Could you please look into the issue, and if it has nothing to do with your changes and if possible please do assign it to the concerned owner.

Thank you.

Comment 2 by davidben@chromium.org, May 26 2016 

This is working as intended in so far as this kind of site was expected to break. It's the Microsoft AES-GCM bug from two years ago. Because most sites had taken the upgrade (the only affected sites are those who took updates in a one month window in 2014 and never took updates ever since), we decided to weather the breakage rather than attempt to work around it.

stayfly0589: Do you run this site? If so, the fix is really straight-forward:

There was a one month window where the fix for the MS14-066 security vulnerability had a problem in it and caused issues with some clients. (It got silently masked by the insecure TLS version fallback, but that causes security issues for all sites, so we've since removed it.) The fix was later respun and fixed, but this server appears to still have the broken version.

The advice I got from Microsoft way back was that they want to install KB3042058 (https://support.microsoft.com/en-us/kb/3042058) and its prerequisites. Note that KB3042058 describes important prerequisites that must be installed prior to installing KB3042058.

I'll try to contact the site owners and pass this note along.

Comment 3 by davidben@chromium.org, May 31 2016

Cc: davidben@chromium.org
Owner: awhalley@chromium.org
+awhalley: Mind hunting down a way to contact these folks? They just need to take a Windows update on one of their servers.

Comment 4 by awhalley@chromium.org, Jun 1 2016 

Roger, will do.

Comment 5 by awhalley@chromium.org, Dec 21 2016 

No response from the attempts in June, just tried a few other folk now.

Comment 6 by davidben@chromium.org, Dec 21 2016 

They still haven't updated their server? That's disappointing. :-(

Sign in to add a comment