ERR_SSL_VERSION_INTERFERENCE when connecting to Inbox/Gmail
Reported by
fran....@gmail.com,
Jun 13 2017
Issue description
Chrome Version : 61.0.3124.10
OS Version: 10.0
URLs (if applicable) :
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
Safari 5: OK
Firefox 4.x: OK
IE 7/8/9: OK
What steps will reproduce the problem?
1. Connect to https://inbox.google.com/
2. Get the error: ERR_SSL_VERSION_INTERFERENCE
3.
What is the expected result?
What happens instead of that?
Please provide any additional information below. Attach a screenshot if
possible.
UserAgentString: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3124.10 Safari/537.36
,
Jun 13 2017
Thanks for the report! This means something on your network or machine (firewall, antivirus, proxy, etc.) has a bug that's conflicting with deployment of TLS 1.3, the next version of TLS. A couple requests to help us diagnose this:
1. Could you attach a NetLog to the bug of the error? See this link for instructions. https://dev.chromium.org/for-testers/providing-network-details
2. Is this your home network or a work one? Do you have an antivirus installed? If so, which? Do you know of any other firewall or proxy that you might be behind?
Thanks!
,
Jun 14 2017
Hi, attached to the mail you will find the network dump you asked for. The error appears only when I'm connecting from work and, surely, there are at least two firewalls I traverse to reach the Internet. No proxies are used. Let me know if you need more info. Ciao, Francesco
,
Jun 14 2017
Thank you for providing more feedback. Adding requester "davidben@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 14 2017
I can report this same issue on Chrome Beta (Version 60.0.3112.24 64-bit). Did not happen on ver 58 current. As one person did in this post, https://superuser.com/questions/1217257/this-site-can-t-be-reached-mail-google-com-is-currently-unreachable , going to chrome://flags and forcing TLS 1.2 fixed the issue.
Windows 10 Pro 64-bit
FortiClient Anti-virus
Fortigate Firewall on network
,
Jun 14 2017
Yes, I can confirm forcing the TLS version 1.2 solves the issue.
On Wed, 14 Jun 2017 at 14:52, dvdsm… via monorail <monorail+v2.2298201974@chromium.org> wrote:
,
Jun 14 2017
fran.lab: Do you know what firewall products you use when connecting to the internet?
dvdsmith: Do you know what version of Fortigate is used? From talking with Fortinet, we believe that version 5.4.0 and later should fix their issue, and let you access sites without downgrading your security with the workaround.
,
Jun 14 2017
The firewall is an F5, I don't know the exact version but I could check this with my colleagues. Ciao, Francesco
,
Jun 14 2017
Thank you for providing more feedback. Adding requester "mmenke@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 14 2017
Could you get any and all information on this F5 device? With that in hand, we can reach out to F5 about this.
,
Jun 22 2017
c#9/Francesco: Could you respond to the request in c#12? We need your help to make progress on this issue. Thanks very much in advance!
,
Jun 22 2017
Also, could you re-attach your NetLog from comment #3? Sorry, we missed this. If you reply to the email and attach it, the bug tracker drops it. You'll need to attach it from the web page here: https://bugs.chromium.org/p/chromium/issues/detail?id=732782 Thanks!
,
Jun 23 2017
Sorry for the delay but I'm currently out of office. I've tried to go more deeply with my colleagues about our network infrastructure. F5 was dismissed some months ago. Now we have two firewall layers towards internet: Fortinet for webfiltering and Firepower with pure firewall tasks. About the exact versions, we have Firepower 6.1 and Fortinet 5.6.
,
Jun 23 2017
Thank you for providing more feedback. Adding requester "davidben@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 23 2017
Thanks for the information! Interesting. There was previously a bug in Fortinet's products here. Your NetLog actually matches that (issue #676969). The firewall is rejecting the connection with an access_denied alert (not actually spec-compliant behavior; the alert is meant for client certificates). But Fortinet claims they had fixed it in Fortinet 5.4. So either it's the other box, or Fortinet still has a bug. I'll see if we can get contacts at those vendors to give us more information. Meanwhile, if there's a way for you or your colleagues to test through only the Firepower or Fortinet box, that would be much appreciated! That way we can narrow things down.
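Added example, not part of the original thread or of Chromium's code: a small Python parser that classifies the first TLS record received in reply to a ClientHello and flags the access_denied alert described in the comment above. The sample bytes are constructed, and treating access_denied at this stage as a middlebox indicator is a heuristic assumed here.

```python
import struct

# Subset of TLS alert descriptions and levels (values from RFC 5246, section 7.2).
ALERT_DESCRIPTIONS = {
    0: "close_notify",
    40: "handshake_failure",
    49: "access_denied",
    50: "decode_error",
    70: "protocol_version",
    80: "internal_error",
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
CONTENT_ALERT, CONTENT_HANDSHAKE = 21, 22
HANDSHAKE_SERVER_HELLO = 2


def classify_first_reply(data: bytes) -> dict:
    """Classify the first TLS record a peer sent in reply to a ClientHello."""
    if len(data) < 5:
        return {"kind": "truncated"}
    # Record header: content type (1 byte), version (2 bytes), length (2 bytes).
    content_type, version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) < length:
        return {"kind": "truncated"}
    if content_type == CONTENT_ALERT and length == 2:
        level, desc = body
        name = ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})")
        return {
            "kind": "alert",
            "level": ALERT_LEVELS.get(level, f"unknown({level})"),
            "description": name,
            # Assumed heuristic: access_denied before any certificate
            # exchange is the symptom described in the comment above.
            "middlebox_suspect": name == "access_denied",
        }
    if content_type == CONTENT_HANDSHAKE and body[:1] == bytes([HANDSHAKE_SERVER_HELLO]):
        return {"kind": "server_hello", "record_version": f"0x{version:04x}"}
    return {"kind": "other", "content_type": content_type}


# Constructed sample records (not taken from the reporter's NetLog).
SAMPLE_ACCESS_DENIED = bytes.fromhex("15030100020231")     # fatal access_denied
SAMPLE_SERVER_HELLO = bytes.fromhex("160303000402000000")  # stub ServerHello header

if __name__ == "__main__":
    for sample in (SAMPLE_ACCESS_DENIED, SAMPLE_SERVER_HELLO):
        print(classify_first_reply(sample))
```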
,
Jun 23 2017
Oh, in addition to testing with just one box or the other, would you mind attaching your Fortinet configuration? In our previous contacts with Fortinet, they were unable to reproduce problems without it. (Feel free to email it to me privately if you prefer not to attach it to this public bug.)
,
Jun 24 2017
I think it will be very difficult to gather that information as I'm just a consultant and not a regular employee... However I will try. Ciao, Francesco
,
Jun 24 2017
Thank you for providing more feedback. Adding requester "davidben@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 26 2017
Understood. Thanks a bunch for your help thus far! This bug is public, so feel free to point the IT folks at it if you think that might work better. (Restoring Needs-Feedback label.)
,
Jul 13 2017
Hi fran.lab@, any update on gathering the requested information?
,
Aug 4 2017
We're running some alternative experiments in M61 to better understand these bugs. If you still experience problems in M61, please re-file a bug (with any details about the middlebox/firewall/network appliances you can find and a net internals log of the problem (https://dev.chromium.org/for-testers/providing-network-details)).
Comment 1 by asanka@chromium.org, Jun 13 2017
Components: Internals>Network>SSL
Labels: -Pri-3 Pri-2