New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 738937 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Aug 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 3
Type: Bug



Sign in to add a comment

ERR_SSL_VERSION_INTERFERENCE when trying to access mail.google.com or gmail.com

Reported by etienne....@gmail.com, Jul 3 2017

Issue description

Chrome Version       : 60.0.3112.40
OS Version: 10.0
URLs (if applicable) : https://mail.google.com
Other browsers tested:
  Add OK or FAIL after other browsers where you have tested this issue:
     Safari 5:
  Firefox 4.x: 45.0.1 - It works on Firefox.
     IE 7/8/9:

What steps will reproduce the problem?
1. Try to access mail.google.com or gmail.com
2. ERR_SSL_VERSION_INTERFERENCE
3.

What is the expected result?
Expected to access my gmail mailbox.

What happens instead of that?
ERR_SSL_VERSION_INTERFERENCE

Please provide any additional information below. Attach a screenshot if
possible.
On corporate network, don't know if there is interference somewhere. But it works on Firefox and not Chrome.

UserAgentString: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.40 Safari/537.36



 
There is no proxy activated.

Tried to create a new profile on chrome without any extensions, same error.

Not the first time it happened, it went away and now came back.
Setting the chrome flag 
Maximum TLS version enabled. Mac, Windows, Linux, Chrome OS, Android
Set maximum enabled TLS version. #ssl-version-max

to TLS 1.2

And it fixes the issue.
Setting the same flag to TLS 1.3 and it fails again.
I know there are other issues similar but they seem like they are a dead-end.

I have tried what the other people suggested in those other issues, and posted the results here.

Also people were asking for the net-export-log, I have attached it here.
chrome-net-export-log.json
142 KB View Download
This is a work network, we have Fortigate installed (but it is closed at the moment and error is present).

We are also using Symantec endpoint protection (both enabled and disabled and I have the issue).

I have the creator update of windows 10, which seemed to come with an update on windows security including firewall (just adding to try to push as much details as possible).
Cc: rbasuvula@chromium.org svaldez@chromium.org davidben@chromium.org
Components: Internals>Network>SSL
Labels: Needs-Feedback
Thank For filing the issue! Tested in chrome # 59.0.3071.115, Beta #60.0.3112.50 and Canary #61.0.3147.0 on win 10.0 & 7 and not able to reproduce the issue.Please find the screen shots for your reference.Adding related dev team in 'CC' for further inputs.

@davidben /svaldez : As per your comments in below issues 
https://bugs.chromium.org/p/chromium/issues/detail?id=735104,
https://bugs.chromium.org/p/chromium/issues/detail?id=735337.
not merging this issue.Could you please look in to this issue.

Thank You!


738375.PNG
495 KB View Download
Thanks for the extremely detailed report!

This is another access_denied alert from a buggy middlebox. We've seen that before from a bug in Fortigate, though it's possible other products have the same failure mode. I'm not aware of issues with Windows' firewall.

- What version of Fortigate's software are you running?

- When you say the Fortigate product is "closed at the moment" do you mean that it's not on your network at all or you've disabled all filtering rules? (It's possible that their bug occurs even when all filtering rules are enabled.)
My fortigate installed on my computer was off.

Don't know what we have on network. I can ask.



Étienne Rocheleau
etienne.rocheleau@gmail.com
Project Member

Comment 9 by sheriffbot@chromium.org, Jul 7 2017

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "rbasuvula@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Is it critical to have the version of Forti running on the network?

I meant that I had closed off the program on my machine when the problem occured.
Labels: Needs-Feedback
When you say the program was closed, do you mean FortiClient? But there is still a FortiGate device on your network, right?

We need details on the FortiGate device. Our previous reports were about a problem in that product.
Yes I meant the FortiClient was off on my machine.

Version for the FortiGate running on our networks: 5.2.8/5.2.10 (says it
depends on location)



Étienne Rocheleau
etienne.rocheleau@gmail.com
Project Member

Comment 13 by sheriffbot@chromium.org, Jul 12 2017

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "davidben@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Does upgrading the device to 5.4.0 or later work? Fortinet previously told us that's where they fixed their bug. (Though we've had other reports which contradict this, so this may not actually be accurate.)
Do you mean FortiClient? or FortiGate?

I don't really think I can get IT to upgrade their whole system for that :(
Sorry.



Étienne Rocheleau
etienne.rocheleau@gmail.com
Labels: Needs-Triage-M60
Cc: hdodda@chromium.org
@davidben-- Could you please respond to the comment #15 and help us in triaging the issue.

Thanks!
@davidben-- Could you please look into this issue.

Thanks!
Status: WontFix (was: Unconfirmed)
Um, there is pretty obviously nothing in comment #15 to respond to. There is a problem with the device, but the administrator does not wish to fix it.

We're running some alternative experiments in M61 to better understand these bugs. If you still experience problems in M61, please re-file a bug (with any details about the middlebox/firewall/network appliances you can find and a net internals log of the problem (https://dev.chromium.org/for-testers/providing-network-details)).

Sign in to add a comment