Issue metadata
Sign in to add a comment
|
SSL Handshake failed on Live-Video-Streaming with Adobe Media Server
Reported by
purplevi...@gmail.com,
Jul 13 2017
|
||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0 Steps to reproduce the problem: 1. Create a swf file using ActionScript to create a NetConnection to a streamserver 2. Connect to the Adobe Media Server using SSL and proxyType 'best' What is the expected behavior? The SSL connection setup works and the status 'NetConnection.Connect.Success' is returned What went wrong? When trying to build a live video connection using Adobe Media Server, the following error is displayed: NetStatusEvent: NetConnection.Connect.SSLHandshakeFailed We use ActionScript to set up the connection and provide the ProxyType 'best'. This is trying to establish a connection to our Adobe Media Server using SSL and port 443. Example: rtmps://[SERVERNAME]:443 Since Chrome 58 and newer we get the above error back and the SSL connection is not possible. All other browser like Firefox, IE and so on works correctly. What is the Problem? I could not find any description of the Error "SSLHandshakeFailed" on the following side: http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/events/NetStatusEvent.html Did this work before? Yes Chrome 57 Does this work in other browsers? No Newest Opera has the same problem. Chrome version: 59.0.3071.115 Channel: stable OS Version: 10.0 Flash Version: Shockwave Flash 26.0 r0 Hardware Info: Intel Core i5-2400 CPU 3.10GHz Ram 10GB 64 Bit Operating System: Window 10 Pro Flash Version: 26_0_0_137
,
Jul 14 2017
I could provide you with a test page to help you solve the problem. However, I would not make this publicly accessible. Is it possible to tell the Url about another way?
,
Jul 14 2017
Folks who work on Flash: Does Flash use the net stack's SSL code or does it use ours? I don't think it uses ours but I may be wrong.
,
Jul 14 2017
,
Jul 14 2017
,
Jul 14 2017
You can see the TLS/SSL socket setup in https://cs.chromium.org/chromium/src/content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc?rcl=d36daf872d9601f32503e3c1f101e8d1395a4aa5&l=332 FWIW
,
Jul 14 2017
Ah, okay. And of course this thing doesn't hook up a NetLog. :-( purpleviewgmbh: Could you capture a Wireshark trace of this happening? This won't be as useful as a NetLog but might give something in the meantime.
,
Jul 14 2017
Also, +eroman, do you know what it'd take to hook these sockets up to NetLog?
,
Jul 17 2017
Yes no problem. Here is the Wireshark file.
,
Jul 17 2017
Thank you for providing more feedback. Adding requester "davidben@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 17 2017
Thanks! Judging by TCP stream 2 in that file, we seem to be shutting off the connection shortly after receiving the handshake. My guess is we're rejecting the certificate verification. Adding the certificate label in case they can spot anything obvious. The certificates are in the pcap. Also, sorry, I missed this note: > I could provide you with a test page to help you solve the problem. However, I would not make this publicly accessible. Is it possible to tell the Url about another way? That would be great! Feel free to email it to me privately at davidben AT chromium DOT org, and I'll share it with the relevant team members. Thanks! (I've filed issue #744662 to address the lack of logging here.)
,
Jul 18 2017
Thanks for the quick analysis of the problem. I sent you the e-mail with the URL.
,
Jul 18 2017
Thanks for the link! I'm able to reproduce this problem. It's here: https://cs.chromium.org/chromium/src/content/browser/renderer_host/pepper/ssl_context_helper.cc?type=cs&sq=package:chromium&l=30 Configuring a net::MultiLogCTVerifier isn't very useful when we never add logs to it.
,
Jul 26 2017
Nice to see you can reproduce the problem. When will this bug be fixed or in which Chrome version can we expect a fix?
,
Jul 26 2017
+rsleevi
,
Jul 26 2017
OK. We're exploring fixing this in Chrome 62, although depending on complexity, it may slip. The root cause is that sockets initiated through Flash are not observing the same browser security policies (and enterprise configuration flags), thus causing disruption.
,
Jul 26 2017
Can you also provide a test site that repros to rsleevi@chromium.org ? Thanks :)
,
Nov 7 2017
Is there any news? Unfortunately, the bug in the current Chrome 62 still exists.
,
Nov 7 2017
@Ryan - Should we be normalizing Flash's behavior relative to the rest of the platform. It gives me pause that we aren't consistently implementing the same set of security policies.
,
Nov 7 2017
It's concerning to me as well, but unfortunately, no one has been able to suggest a way to reliably add tests for this. That is, the Flash construction of sockets is (and has always been) distinct from the rest of the profile - this also applies to other policies (such as TLS versions). I have a patch that normalizes these behaviours, but due to the testing side, cannot be tested.
,
May 11 2018
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by sandeepkumars@chromium.org
, Jul 14 2017