New issue
Advanced search Search tips

Issue 880696 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Sep 5
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Compat



Sign in to add a comment

tls13.crypto.mozilla.org doesn't work in Chrome 69

Reported by lukasz.k...@gmail.com, Sep 5

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36

Example URL:
https://tls13.crypto.mozilla.org/

Steps to reproduce the problem:
1. Goto TLS1.3 only page: https://tls13.crypto.mozilla.org/
2. "tls13.crypto.mozilla.org uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH" error will be shown

What is the expected behavior?
Page supports TLS1.3 (draft 28) version and it should be opened in the Chrome 68 and 69 which support this version as well.

What went wrong?
Error "tls13.crypto.mozilla.org uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH" is shown instead of the page content.

Does it occur on multiple sites: N/A

Is it a problem with a plugin? No 

Did this work before? No 

Does this work in other browsers? No
 Safari 11.1.2 (13605.3.8)

Chrome version: 69.0.3497.81  Channel: stable
OS Version: OS X 10.13.6
Flash Version: 

It works on Firefox 61.0.2.
 
Labels: Needs-Triage-M69
Components: Internals>Network>SSL
Status: WontFix (was: Unconfirmed)
Thanks for the report, I've confirmed this against the server, and it appears they are implementing TLS 1.3 incorrectly or have strange settings. I've reached out to the maintainers to see what the issue is. However since this is also not working correctly on the Firefox Nightly, this seems to be a server-side issue.
As an update, it looks like its configured to only talk a draft version of TLS 1.3 and requires a minimum version of TLS 1.3, so clients which talk the official RFC version are unable to connect.
In case there was confusion, "Page supports TLS1.3 (draft 28) version and it should be opened in the Chrome 68 and 69 which support this version as well" is not quite true. While we have an implementation of draft-28, Chrome only offers a single draft version, depending on field trial configuration. For 68 and 69, that's draft-23. 70 is expected to ship with the final RFC (which differs from draft 28 in version number and downgrade protection).

Although we did have draft-28 implemented, given the RFC was done in time for Chrome 70 anyway, there wasn't much point in cycling 69 to draft-28 for six weeks.

Sign in to add a comment