New issue
Advanced search Search tips

Issue 647322 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Oct 2016
Cc:
asanka@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

Chrome sent too many [SYN] packets when connecting to HTTPS on local network

Reported by dharja...@gmail.com, Sep 15 2016 
UserAgent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36

Example URL:
URL is hosted on internal (local) network

Steps to reproduce the problem:
1. Open Chrome
2. Visit https://subdomain.domain.com/service/api/health/ping

The URL is REST API, not a web page.

What is the expected behavior?
Connected to host (uses TLSv1.2) and got response back.

What went wrong?
Connected to host (but uses TLSv1.1) and got response back.

Due to multiple [SYN] packets were sent out, Chrome also sent out multiple Client Hello packets (TLSv1.2 handshake) as if it was attempting to spawn multiple connections to the same host.

In the end, due to receiving many ClientHello, the server failed (exception) and sent multiple Alert (Level: Fatal, Description: Internal Error) back to Chrome.

Because of that Chrome (fallback) attempted TLSv1.1 handshake and was successfully connected to the host and got the response back.

Did this work before? N/A 

Chrome version: 49.0.2623.112  Channel: n/a
OS Version: 6.0 (Windows Vista, Windows Server 2008)
Flash Version: Shockwave Flash 22.0 r0

However, when the host is located on (public) internet, ie. AWS, this behavior was not observed. Why Chrome sent out multiple [SYN] packets out when the host is on local network, but not the case when the host is on (public) internet?

Attachments:
- tlsv1.1.jpg: screenshot showing the connection uses TLSv1.1 (when host is on local network)
- tlsv1.2.jpg: screenshot showing the connection uses TLSv1.2 (when host is on the internet)
- staging.pcap: Wireshark capture (filter for 10.0.168.132 IP address)
- production.pcap: Wireshark capture (filter for 54.201.232.159 IP address)
- screenshot-4.png: screenshot for production.pcap
- screenshot-5.png: screenshot for staging.pcap
tlsv1.1.jpg
36.4 KB View Download
tlsv1.2.jpg
34.2 KB View Download
staging.pcap
1.3 MB Download
production.pcap
93.6 KB Download
screenshot-4.png
91.4 KB View Download
screenshot-5.png
113 KB View Download

Comment 1 by asanka@chromium.org, Sep 16 2016

Cc: asanka@chromium.org
Components: -Internals>Network Internals>Network>SSL
Labels: Needs-Feedback
Thanks for the detailed report. Do you still see this issue with a current stable Chrome build? 49 is quite out of date at this point.

+Network>SSL

Comment 2 by davidben@chromium.org, Sep 16 2016 

Also please attach a net-internals dump per these instructions when you try the latest version. Thanks!
https://dev.chromium.org/for-testers/providing-network-details

Comment 3 by zhongyi@chromium.org, Oct 1 2016 

 dharjanto@: ping! Could you repro the issue and provide us with the net internals help us investigate the issue? Thanks a lot. We'll close this issue if no feedback is received for more than 2 weeks.

Comment 4 by rdsmith@chromium.org, Oct 11 2016

Status: WontFix (was: Unconfirmed)
Closing for lack of response; if this is still occurring please post on this bug or open a new bug.

Sign in to add a comment