New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 742995 link

Starred by 3 users
Status: WontFix
Owner:
svaldez@chromium.org
Last visit > 30 days ago
Closed: Dec 2017
Cc:
ajha@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 3
Type: Bug



Sign in to add a comment

Gmail works for a period of time, then begins failing with ERR_SSL_VERSION_INTERFERENCE

Reported by jski...@gmail.com, Jul 14 2017 
Chrome Version       : 61.0.3155.0
OS Version: OS X 10.12.5
URLs (if applicable) : mail.google.com
Other browsers tested:
  Add OK or FAIL after other browsers where you have tested this issue:
     Safari 5: OK
  Firefox 4.x: N/A
     IE 7/8/9: OK

What steps will reproduce the problem?
1. Going to Gmail

What is the expected result?
Gmail loads

What happens instead of that?
Gmail loads for a period of time, and then will not load any longer, with ERR_SSL_VERSION_INTERFERENCE. This is using Google Chrome Canary, and persists across an incognito window as well. Launching Google Chrome (non-Canary) and Safari both work when this problem occurs.

Please provide any additional information below. Attach a screenshot if
possible.
I am behind a corporate firewall. Problem does not occur on my home netowrk.

UserAgentString: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3155.0 Safari/537.36

Comment 1 by lgrey@chromium.org, Jul 14 2017

Components: Internals>Network>SSL

Comment 2 by svaldez@chromium.org, Jul 14 2017

Owner: svaldez@chromium.org
This means that some buggy networking software or device is interfering with an upcoming performance and security improvement to Chrome.

Do you know what firewall product is being used (and what version)? Depending on the product, there might be an update that your network administrators need to take.

If possible, can you get the latest Chrome Canary (61.0.3157.0) and do the following for both the "Enabled (Draft)" and "Enabled (Experiment)" settings:

1) Go to chrome://flags#tls13-variant and set "TLS 1.3" to the appropriate value.
2) Restart the browser.
3) Start a NetLog as per (https://dev.chromium.org/for-testers/providing-network-details).
4) Visit https://tls.ctf.network/version.php and record what version of TLS you are using.
5) Save the NetLog.

Comment 3 by ajha@chromium.org, Jul 17 2017

Labels: Needs-Feedback
@reporter: Could you please update the thread as per C#2.

Thanks in advance!

Comment 4 by jski...@gmail.com, Jul 17 2017 

Apologies, I'm not in touch with the networking team (large company), so I'm unable to identify the software/hardware used for our corporate firewall.

Your other recommended step results are below. Thanks!
chrome-net-export-log-default.json
285 KB View Download
chrome-net-export-log-draft.json
420 KB View Download
chrome-net-export-log-experiment.json
1.6 MB View Download
Project Member

Comment 5 by sheriffbot@chromium.org, Jul 17 2017

Cc: ajha@chromium.org
Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "ajha@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 6 by jski...@gmail.com, Jul 17 2017 

Awesome. In the meantime, I've set the TLS 1.3 flag to "Disabled" in Canary to see if it alleviates the issue for now.

Comment 7 by svaldez@chromium.org, Jul 17 2017 

Did you perform the steps behind your corporate firewall? Which settings allowed you to successfully visit the version.php page, versus giving the SSL_VERSION_INTERFERENCE error?

Comment 8 by jski...@gmail.com, Jul 17 2017 

All steps were behind the firewall. Note that, as mentioned in the first post above, that Gmail works fine for an indeterminate amount of time (roughly 30-60m) before failing.

Comment 9 by svaldez@chromium.org, Jul 17 2017 

The server at tls.ctf.network should theoretically trigger the failure immediately. The expected results if this is the bug we believe it to be are:

Default/Disabled: You are connecting with TLSv1.2.
Draft: ERR_SSL_VERSION_INTERFERENCE
Experiment: You are connecting with TLSv1.3 Experiment.

Were those the results you saw?

Comment 10 by jski...@gmail.com, Jul 17 2017 

Apologies, that is correct. I must have roamed to another network during the testing from above. Good catch.

Comment 11 by svaldez@chromium.org, Jul 17 2017 

Thank you for the additional information, if you're able to find out the name of the firewall product that would be useful, but otherwise if you aren't experiencing connection errors when leaving the setting at "Enabled (Experiment)", that would be best long-term. Otherwise setting it to "Disabled" should also work, though prevent TLS 1.3 from being negotiated.

Comment 12 by pbomm...@chromium.org, Jul 17 2017

Status: Assigned (was: Unconfirmed)

Comment 13 Deleted

Comment 14 by larrylac...@yahoo.com, Oct 24 2017 

related to 733223?

Comment 15 by svaldez@chromium.org, Dec 27 2017

Status: WontFix (was: Assigned)
Marking this closed as this is from our previous TLS 1.3 experiments, and the latest one has fixed many of the issues with the prior experiment, if you have issues again or are able to reproduce the issues by setting chrome://flags#tls13-variant to "Enabled (Experiment 2)", please reopen an issue with details about your firewalls/antivirus that may be causing issues, along with a net-internals log (https://dev.chromium.org/for-testers/providing-network-details).

Sign in to add a comment