
Issue 629040

Starred by 7 users

Issue metadata

Status: WontFix
Owner:
Closed: Jul 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Windows, Chrome, Mac
Pri: 1
Type: Bug-Regression




Regression: Getting an error while navigating to SBI Internet Banking page

Project Member Reported by susanjun...@techmahindra.com, Jul 18 2016

Issue description

Version: 54.0.2799.0
OS: Ubuntu 14.04, Windows, Chrome

URL: https://retail.onlinesbi.com/retail/login.htm

What steps will reproduce the problem?
(1) Launch Chrome and search for "SBI Online" in Google.
(2) Select Internet Banking and then observe.

Expected: Internet Banking page should open on navigating to that link.

Actual: Instead, the Internet Banking page displays an error.

This is a regression issue, broken in M-53.

Good Build: 53.0.2778.0
Bad Build: 53.0.2779.0

Suspecting https://chromium.googlesource.com/chromium/src/+/b4c25b632a7078d2c3346a37b51034bb853b24b3 from Manual Changelog.

@davidben Please feel free to re-assign if it's not related to your change.

 
Attachments: actual_sbi_screen.ogv (1.1 MB), expected_sbi_screen.ogv (1.6 MB)

Comment 1 by ajha@chromium.org, Jul 18 2016

Labels: OS-Mac
This is seen on Mac OS 10.11.5 on 54.0.2799.0 as well.


Labels: Needs-Feedback
Please provide a chrome://net-internals log, as described at https://dev.chromium.org/for-testers/providing-network-details

The security configuration of this site is very weak, and uses a number of insecure technologies that browsers are in the process of deprecating or have already deprecated. That said, there's at least one permutation that works, and in my own testing, I'm unable to reproduce the problem seen here. A net-internals log will help diagnose further, although it's very likely this will be a WontFix, as part of the existing approved deprecations.
Status: WontFix (was: Assigned)
Oh, I tested on 51. Based on https://www.ssllabs.com/ssltest/analyze.html?d=retail.onlinesbi.com this is totally the deprecation of Weak DHE (Issue 619194). With weak DHE disabled, the only remaining ciphersuite the server supports is RC4, which is also terribly insecure and removed.

It is expected that this site will begin to fail in Safari soon (when they drop RC4) and Edge (when they drop DHE). This is a significant misconfiguration of the site, so please feel free to reach out to the bank to point out their configuration issues.

Resources on correct configurations for this decade, which don't use known-insecure/known-broken crypto, can be found at https://wiki.mozilla.org/Security/Server_Side_TLS or the documentation available at https://www.ssllabs.com/ to ensure an A/A+ score.
Labels: -Needs-Feedback -ReleaseBlock-Stable
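
The failure described in the comment above, modeled as an added example (not part of the original thread and not Chromium code): a server that offers only DHE and RC4 suites has nothing left once a client drops both. The server suite list, the `no_dhe`/`no_rc4` policy flags and the simplified negotiation are assumptions constructed for illustration.

```python
import re

# Constructed server configuration, modeled on the thread's description
# (only DHE and RC4 suites); not copied from the site's SSL Labs report.
SERVER_SUITES = [
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
]
SUITE_RE = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<cipher>.+)_(?P<mac>[A-Z0-9]+)$")

def parse_suite(name):
    """Split an IANA-style suite name into (key exchange, cipher, MAC/PRF hash)."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised cipher suite name: {name!r}")
    return m.group("kx"), m.group("cipher"), m.group("mac")

def rejection_reasons(name, policy):
    """Reasons a client with the given (hypothetical) policy flags refuses a suite."""
    kx, cipher, _mac = parse_suite(name)
    reasons = []
    # ECDHE_* must not match: compare the first key-exchange token exactly.
    if "no_dhe" in policy and kx.split("_")[0] == "DHE":
        reasons.append("finite-field DHE key exchange")
    if "no_rc4" in policy and cipher.startswith("RC4"):
        reasons.append("RC4 stream cipher")
    return reasons

def negotiate(server_suites, policy):
    """Simplified handshake: returns (first acceptable suite or None, refusals)."""
    refused, chosen = {}, None
    for suite in server_suites:
        reasons = rejection_reasons(suite, policy)
        if reasons:
            refused[suite] = reasons
        elif chosen is None:
            chosen = suite
    return chosen, refused

if __name__ == "__main__":
    for label, policy in [("accepts DHE and RC4", set()),
                          ("DHE dropped", {"no_dhe"}),
                          ("DHE and RC4 dropped", {"no_dhe", "no_rc4"})]:
        chosen, _refused = negotiate(SERVER_SUITES, policy)
        print(f"{label:22} -> {chosen or 'handshake failure'}")
```

Running the same check against a server's real suite list (for example, the one shown in its SSL Labs report) shows in advance which client deprecations will break it.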

Comment 5 by ajha@chromium.org, Jul 22 2016

Issue 630362 has been merged into this issue.
Cc: pucchakayala@chromium.org davidben@chromium.org songsuk@chromium.org
Issue 630730 has been merged into this issue.
Cc: ranjitkan@chromium.org
Issue 616418 has been merged into this issue.
