Issue #822290  is about an issue with Fortigate. You're using Fiddler, so they're probably separate.

There's no requirement that Fiddler support TLS 1.3. It needs to correctly implement TLS 1.2, but that's it. So perhaps there's a bug in Fiddler, or perhaps something stranger is going on.

Could you attach a NetLog per the instructions below? Thanks!
https://dev.chromium.org/for-testers/providing-network-details

Oh, I just noticed you said it was rare. When it happens, does reloading the page or so fix it?

ERR_SSL_VERSION_INTERFERENCE is an imperfect detector. It means that connecting with 1.3 enabled failed, but connecting with 1.3 disabled worked. This could mean the server or network has a bug in its version-handling, or it could just mean that connections are flaky and the second try happened to work. If it's sporadic, it may just be that.

Yeah, Fiddler only supports TLS/1.2 at present. You might find more detail about a failed handshake on Fiddler's LOG tab, and look for earlier (failed) CONNECT tunnels.

Supporting only TLS 1.2 is fine. Fiddler is presumably a TLS terminator, so it should act as a TLS 1.2 server to the client (Chrome), using its own certificate, and a TLS 1.2 client to the server. The client is presumably configured to trust Fiddler's certificate, so this is fine, even if a direct connection would otherwise have negotiated TLS 1.3.

Where this goes wrong is if there is a bug somewhere that causes one of the components to get versioning wrong.

Pinging to see if this is still an issue, and if so, can you provide a NetLog as described in comment #4?

The problem is as I said it's rare and I can't offer steps to reproduce, other than use Fiddler for like a day, which makes a netlog kind of pointless. The next time I'm using Fiddler I'll do that though and let you know what happens.

Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

I managed to observe it this evening on a connection to amazon.com and I was logging. I've looked through chrome-net-export-log.json and there is sensitive information in it even with just the URLs so I cannot share the file. The whole file is 78MB.

One id that eventually ends in -157 (ssl version interference) is this one 1268586:
{"params":{"priority":"HIGHEST","url":"https://www.amazon.com/WILLIAM-HARVEY-90242-Disc-Plunger/dp/B000LX5WM2"},"phase":1,"source":{"id":1268586,"type":1},"time":"1893035411","type":2},

some lines later there's ssl probes

{"params":{"group_name":"http_proxy/ssl/version-interference-probe/www.amazon.com:443"},"phase":1,"source":{"id":1268597,"type":5},"time":"1893035497","type":83},
{"phase":1,"source":{"id":1268597,"type":5},"time":"1893035497","type":84},
{"phase":1,"source":{"id":1268597,"type":5},"time":"1893035497","type":87},
{"params":{"group_name":"http_proxy/ssl/version-interference-probe/www.amazon.com:443"},"phase":1,"source":{"id":1268598,"type":3},"time":"1893035497","type":83},

some lines later the connection ends

{"params":{"net_error":-175},"phase":2,"source":{"id":1268586,"type":1},"time":"1893035582","type":2},

If you have something specific you're looking for I'll try extracting it from the json

in the browser for a split second when this happened I saw the ssl version interference error and then a second or two later the page loaded on its own

Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

In fiddler I found the time it happened and there was a tunnel to amazon.com that failed with error code 0x80090326 (SEC_E_ILLEGAL_MESSAGE) before two more tunnels that succeeded. looking at the difference between the tunnels there seems to be some difference between unidentified extensions (0xbaba,0x0a0a,0xfafa) and ciphers (eaea,5a5a,1a1a), almost looks like garbage in all. I don't know what these are. And one successful one has padding and one doesn't. not sure what to make of it. Eric maybe you can take a look?

Deleted: SSL_VERSION_INTERFERENCE in Chrome.saz 9.7 KB

SSL_VERSION_INTERFERENCE in Chrome.saz 9.7 KB Download

Please attach the entire NetLog. The little snippet is not sufficient to analyze.

I hear you but like I said I cannot share the file. You can request information from it. Sorry if this is insufficient but it's the best I can do given that I have to leave the netlog running for a long time since it happens so rarely.

Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

We can't do anything with individual JSON lines. We need to pass the entire file into a viewer. Without the top of the file, the numeric IDs in the log aren't readable. The snippets you provided also don't include any of the context as to what happened. We make multiple connection attempts, etc.

You can run Chrome with the --user-data-dir flag to disconnect it from your normal session. You can then just not sign into there and try to reproduce it.

[termsrv]:  Could you please response to comment #18?  Otherwise, we can't make progress here, and will have to close this bug.

It takes too long to reproduce, it's very rare. I'd have to capture at least a day of traffic and private information would inevitably make it into the capture unless I just browsed amazon for 12 hours straight. I guess close it for now and if I find out anything additional I'll let you guys know with another comment.

Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Closing this for now until there's further data.

I actually suspect that ERR_SSL_VERSION_INTERFERENCE is a red herring here, and there's something going on with Fiddler and Amazon that causes some flakiness, and ERR_SSL_VERSION_INTEFERENCE is showing up since the first connection hits the flaky issue, and the second one succeeds, and this is causing the error to trigger rather than a normal error message.