Inappropriate behavior with obsolete ciphers
Reported by
m03g...@gmail.com,
Aug 27 2016
Issue description

Chrome Version : 54.0.2837.0 dev-m (64 bit) a29577e8b1ed329373d426e85f679dfeb07a2979-refs/heads/master@{#413618}
URLs (if applicable) : https://www.otpsmart.com.ua
Other browsers tested:
Safari: Ok
Firefox: OK

What steps will reproduce the problem?
(1) Try to open provided URL

What is the expected result?
Chrome should pick correct cipher supported by server and open website without errors.

What happens instead?
ERR_SSL_OBSOLETE_CIPHER received

Please provide any additional information below. Attach a screenshot if possible.
Such kind of behavior is present on all platforms (Windows, Linux, Mac). Provided server according to https://www.ssllabs.com/ssltest/analyze.html?d=www.otpsmart.com.ua supports TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 cipher. But Chrome for some reason decides to take TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 and as it's not supporting AES GCM browser shows error instead of choosing correct cipher and loading website normally.
Aug 29 2016
This site only does DHE (obsolete) and P-521 (neither Chrome supports, nor it seems Edge/IE). I'll contact them and see about getting them to use a more common curve.
Aug 29 2016
Nice, thanks. I thought that issue is caused only by GCM which is considered obsolete in chrome.
Aug 29 2016
Nah, we definitely don't consider AES-GCM obsolete. It's one of the only two bulk ciphers we have in TLS that is actually okay! :-) (Three if you count AES_128_GCM and AES_256_GCM as distinct.)
Sep 11 2016
Seems to be resolved on the server now.
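The diagnosis in the thread (the server offers ECDHE only on P-521, so a client without that curve ends up on DHE) can be modelled as follows. This is an added example, not code from Chrome or from the thread; the suite lists, group lists and function names are constructed assumptions, and the selection logic is a simplified model of TLS 1.2 server-preference negotiation.

```python
# Added example: simplified model of TLS 1.2 suite selection (not Chrome or server code).
# All suite and group lists below are constructed for illustration.

def key_exchange(suite):
    """Key-exchange family from an IANA suite name, e.g. 'ECDHE' or 'DHE'."""
    return suite[len("TLS_"):].split("_WITH_")[0].split("_")[0]

def negotiate(client_suites, client_groups, server_suites, server_groups):
    """Pick the first server-preferred suite the client offers and can complete.

    An ECDHE suite is usable only if both sides share a named group;
    otherwise the server skips it and keeps looking.
    Returns (suite, group) or None when nothing is mutually usable.
    """
    shared = [g for g in server_groups if g in client_groups]
    for suite in server_suites:
        if suite not in client_suites:
            continue
        if key_exchange(suite) == "ECDHE":
            if not shared:
                continue  # no common curve: ECDHE is off the table
            return suite, shared[0]
        return suite, None
    return None

def is_obsolete(result):
    """Per the thread, a handshake that lands on plain DHE counts as obsolete."""
    return result is not None and key_exchange(result[0]) == "DHE"

# Constructed client offer: common curves, no secp521r1.
CLIENT_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
]
CLIENT_GROUPS = ["x25519", "secp256r1", "secp384r1"]

# Constructed server configs: as diagnosed (P-521 only) and after adding a common curve.
SERVER_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
]
BEFORE = negotiate(CLIENT_SUITES, CLIENT_GROUPS, SERVER_SUITES, ["secp521r1"])
AFTER = negotiate(CLIENT_SUITES, CLIENT_GROUPS, SERVER_SUITES, ["secp521r1", "secp256r1"])

if __name__ == "__main__":
    print("before:", BEFORE, "obsolete:", is_obsolete(BEFORE))
    print("after: ", AFTER, "obsolete:", is_obsolete(AFTER))
```

In this model the AES-GCM suite never enters the outcome: the result changes only when the server's group list gains a curve the client also offers.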
Comment 1 by nyerramilli@chromium.org, Aug 29 2016
Components: Internals>Network>SSL
Labels: Needs-triage M-53 OS-Linux OS-Mac OS-Windows
Status: Untriaged (was: Unconfirmed)