New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 734545 link

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 733223
Owner: ----
Closed: Jul 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug



Sign in to add a comment

This site can’t be reached "ERR_SSL_VERSION_INTERFERENCE"

Reported by reynie...@gmail.com, Jun 19 2017

Issue description

Chrome Version       : 60.0.3112.32
OS Version:          Fedora 25 4.11.5-200.fc25.x86_64
URLs (if applicable) : https://mail.google.com/
Other browsers tested:
  Add OK or FAIL after other browsers where you have tested this issue:
     Safari 5:
  Firefox 4.x: OK
     IE 7/8/9:

What steps will reproduce the problem?
1. Navigate to the given URL
2. Check the error appearing "ERR_SSL_VERSION_INTERFERENCE"

What is the expected result?
Can open any https page without problems

What happens instead of that?
Can't open Gmail and a few other random pages

Please provide any additional information below. Attach a screenshot if
possible.

UserAgentString: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36



 
screenshot-2017-06-1908-19-15.png
275 KB View Download

Comment 1 by agl@chromium.org, Jun 19 2017

Cc: svaldez@chromium.org davidben@chromium.org
Components: Internals>Network>SSL
Labels: Needs-Feedback
Could you attach a NetLog per these instructions? Thanks!
https://dev.chromium.org/for-testers/providing-network-details

Also, what kind of network is this (home? work?). Do you have any antivirus, firewall, proxy, or other networking middleware products configured? If so, do you know which they are?

Comment 3 by reynie...@gmail.com, Jun 22 2017

Will work if I attach the required log when the connection is working or you need it when it does not work? If so I've to wait til I run into the same issue again.

This is a work network. I don't have any AV nor Firewall. Regarding the firewall I think we have one on the middle but that's information I do not know since there is another offshore team handling that part.
Project Member

Comment 4 by sheriffbot@chromium.org, Jun 22 2017

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "davidben@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: Needs-Feedback
The log should be when it's not working. This error happens because something on your network that is interfering with TLS 1.3, which we are currently experimenting with. If it's not currently happening, probably you restarted your browser and got rerolled into a different experiment group.

To reproduce more reliably, go to chrome://flags and:
1. Disable "Experimental QUIC protocol"
2. Set "Maximum TLS version enabled." to TLS 1.3

If you could find out from that team what kind of firewall you're using, that'd also be great.

Thanks!

Comment 6 by reynie...@gmail.com, Jun 23 2017

Hi @david, I was able to reproduce the issue but this time it happened in another different URL: https://cdnjs.cloudflare.com/ajax/libs/free-jqgrid/4.14.1/jquery.jqgrid.src.js. I've attached the logs as requested. TLS 1.3 wasn't disabled for this test.
chrome-net-export-log.json
243 KB View Download
Project Member

Comment 7 by sheriffbot@chromium.org, Jun 23 2017

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "davidben@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: Needs-Feedback
Thanks! That log looks like you have a Watchguard box on your network. Their products have a bug that is interfering with us shipping performance and security improvements to your browser and the rest of Chrome users. ( Issue #733223 .)

Could you check IT folks at your company to confirm you have one of those boxes?

As a workaround, you should have them disable the "Allow only SSL compliant traffic" setting.
http://www.watchguard.com/help/docs/fireware/11/en-US/Content/en-US/proxies/https/https_general_settings_c.html

Comment 9 by eroman@chromium.org, Jun 29 2017

Any update on the feedback requested in comment #8?
Labels: Needs-Triage-M60
Hi there, sadly I haven't any direct connection with the networking team and they are an offshore team so they aren't here in a daily basis, I can't provide you with the answer regarding the box. Moving back to TLS 1.2 makes everything to work should I switch back to 1.3 and make the changes as you suggested?


Project Member

Comment 12 by sheriffbot@chromium.org, Jun 30 2017

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "davidben@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
davidben@ - Could you please provide any update to the user as per comment #11.

Thanks...!!
Also I was able to reach a networking guy and he told me that in fact they are using a Watchguard box but that's it. He isn't allow to give me or change any kind of setup on that box. (company policies)
Mergedinto: 733223
Status: Duplicate (was: Unconfirmed)
I see. Well, here is Watchguard's article on the problem. This is a flaw in their products. The workaround is to disable a (not very useful) setting. If you're not willing to do that, please open a support ticket with Watchguard so they know to prioritize fixing this bug.

https://watchguardsupport.secure.force.com/publicKB?type=KBKnownIssues&SFDCID=kA42A000000HASBSA4&lang=en_US

Sign in to add a comment