Idiots in Chrome development team (SSL part)
Reported by
sort...@gmail.com,
Jun 22 2018
Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0

Example URL:

Steps to reproduce the problem:
About these:
1. For Chrome 58 and later, only the subjectAlternativeName extension, not commonName, is used to match the domain name and site certificate.
2. This site can’t provide a secure connection
***.org uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Hide details
The client and server don't support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure.

What is the expected behavior?
It should work.

What went wrong?
1. You are violating RFC 5280\6818 and did not handle certificates properly. SAN field is totally OPTIONAL and you cannot REQUIRE it.
2. Some idiot in your team decided that you should "protect" end-user from using weak ciphers, effectively blocking access to sites with weaker certificates.

Does it occur on multiple sites: Yes
Is it a problem with a plugin? No
Did this work before? Yes <58
Does this work in other browsers? Yes

Chrome version: 58+
Channel: n/a
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 23.0 r0

You are fucking morons!!!
Jun 22 2018
Thanks for the reply. I do not need to provide any URLs, because you have enough impudence to create this article on the subject: https://support.google.com/chrome/a/answer/7391219?hl=en

Just stop violating worldwide standards. Even if you are a Big Company, you must comply with the rules, not set them on your deliberate wishes.

And yes, you may consider this as a belligerent rant because I do not have any hope that you will change this. Well, we are just not using Chrome now. All is working fine under other browsers.

I said it all, you may close this as "won't fix" now. Thanks.
Jun 22 2018
Well, I'm neither a Chrome developer nor a googler. I hope you'll get your issue resolved!
Jun 24 2018
Jun 25 2018
Jun 25 2018
The error message indicated is not related - that is, ERR_SSL_VERSION_OR_CIPHER_MISMATCH has nothing to do with subjectAltNames, and is related to your server not supporting the minimally secure ciphersuites.

However, marking belligerent rants as WontFix. Please review https://chromium.googlesource.com/chromium/src/+/master/CODE_OF_CONDUCT.md

The choice not to support commonNames is deliberate, as they are insecure.
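
The SAN-only name matching discussed in this thread, as an added example that is not part of the original issue or of Chromium's code: it classifies a certificate, given in the dict format returned by Python's `ssl.SSLSocket.getpeercert()`, as matching by subjectAltName, matching only through the legacy commonName fallback (the case Chrome 58 and later reject), or not matching. The sample certificates and hostnames are constructed, and the wildcard rule is a simplification (whole left-most label only, at least three labels).

```python
# Added example: audit which certificates rely on commonName for host matching.
# Certificates are dicts in the format of ssl.SSLSocket.getpeercert().

def name_matches(pattern, host):
    """Match one DNS name; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Simplified rule: refuse wildcards such as '*.org' (fewer than 3 labels).
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def san_dns_names(cert):
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def common_names(cert):
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def classify(cert, host):
    """Return 'san-match', 'cn-only' or 'mismatch' for the given host."""
    sans = san_dns_names(cert)
    if any(name_matches(n, host) for n in sans):
        return "san-match"
    # Legacy fallback: commonName was consulted only when no dNSName SAN exists.
    if not sans and any(name_matches(n, host) for n in common_names(cert)):
        return "cn-only"  # works in CN-fallback clients, rejected by SAN-only ones
    return "mismatch"

# Constructed sample certificates (not taken from any real site).
SAMPLES = {
    "modern": {"subject": ((("commonName", "www.example.org"),),),
               "subjectAltName": (("DNS", "www.example.org"), ("DNS", "example.org"))},
    "legacy": {"subject": ((("commonName", "intranet.example.org"),),)},
    "wildcard": {"subject": ((("commonName", "example.org"),),),
                 "subjectAltName": (("DNS", "*.example.org"),)},
}

if __name__ == "__main__":
    checks = [("modern", "www.example.org"), ("legacy", "intranet.example.org"),
              ("wildcard", "a.example.org"), ("wildcard", "example.org")]
    for label, host in checks:
        print(f"{label:9} {host:22} {classify(SAMPLES[label], host)}")
```

A `cn-only` result marks a certificate that needs to be reissued with a subjectAltName entry. This check is independent of ERR_SSL_VERSION_OR_CIPHER_MISMATCH, which concerns protocol version and cipher suite negotiation.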
Comment 1 by woxxom@gmail.com, Jun 22 2018