Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home for chromium.org
« Groups Home
Chromium-bugs
About this group
Join this group
Issue 131769 in chromium: Chromium Android fails when SSL server gives a empty protocol list in NPN extension in a ServerHello message.
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   11 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
chrom...@googlecode.com  
View profile  
 More options Jun 8 2012, 5:31 am
From: chrom...@googlecode.com
Date: Fri, 08 Jun 2012 09:31:09 +0000
Local: Fri, Jun 8 2012 5:31 am
Subject: Issue 131769 in chromium: Chromium Android fails when SSL server gives a empty protocol list in NPN extension in a ServerHello message.
Print | Individual message | Show original | Find messages by this author
Status: Untriaged
Owner: j...@chromium.org
CC: j...@chromium.org,  a...@chromium.org,  w...@chromium.org,  
rsle...@chromium.org
Labels: Type-Bug Pri-2 OS-Android Area-Internals Internals-Network-SSL

New issue 131769 by j...@chromium.org: Chromium Android fails when SSL  
server gives a empty protocol list in NPN extension in a ServerHello  
message.
http://code.google.com/p/chromium/issues/detail?id=131769

Description of the Issue:
Chromium Android fails when SSL server gives a empty protocol list in NPN  
extension in a ServerHello message.

When visiting https://www.ossifrage.net/ by using Chromium Android,  
gets  "Error 2 (net::ERR_FAILED): Unknown error". The site works fine in  
desktop chrome and in the android browser.

Reproducibility:
just try to visit https://www.ossifrage.net/.

After investigation. the failure is caused by server doesn't give any  
advertised protocols in TLS "Next Protocol Negotiation" extension in a  
ServerHello message.

Adam(cced) have proposed a new TLS extension: "Next Protocol Negotiation"  
(aka NPN) since 2010 and recently added in openssl. You can find the  
specification on  
http://tools.ietf.org/id/draft-agl-tls-nextprotoneg-03.html or  
https://technotes.googlecode.com/git/nextprotoneg.html.

In the specification of NPN, it says "The extension_data field of a  
next_protocol_negotiation extension in a ServerHello contains an optional  
list of protocols advertised by the server.", which means the server may  
not send the protocol list in NPN extension in a ServerHello message. Then  
in "Protocol selection" phase, the spec says

"It's expected that a client will have a list of protocols that it  
supports, in preference order, and will only select a protocol if the  
server supports it. In that case, the client SHOULD select the first  
protocol advertised by the server that it also supports. In the event that  
the client doesn't support any of server's protocols, or the server doesn't  
advertise any, it SHOULD select the first protocol that it supports."

Seems Chromium NSS implementation handles the case that the server doesn't  
advertise any protocols, but Chromium openssl implementation doesn't.


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
chrom...@googlecode.com  
View profile  
 More options Jun 9 2012, 1:08 am
From: chrom...@googlecode.com
Date: Sat, 09 Jun 2012 05:08:05 +0000
Local: Sat, Jun 9 2012 1:08 am
Subject: Re: Issue 131769 in chromium: Chromium Android fails when SSL server gives a empty protocol list in NPN extension in a ServerHello message.
Print | Individual message | Show original | Find messages by this author
Updates:
        Status: Assigned

Comment #1 on issue 131769 by w...@chromium.org: Chromium Android fails when  
SSL server gives a empty protocol list in NPN extension in a ServerHello  
message.
http://code.google.com/p/chromium/issues/detail?id=131769

jnd: could you find out where Chrome sets the net::ERR_FAILED error code?
This won't help fix this bug.  I just wanted to improve Chrome's error
reporting.  net::ERR_FAILED is the default error code and is not  
informative.


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
chrom...@googlecode.com  
View profile  
 More options Jun 11 2012, 11:28 am
From: chrom...@googlecode.com
Date: Mon, 11 Jun 2012 15:28:59 +0000
Local: Mon, Jun 11 2012 11:28 am
Subject: Re: Issue 131769 in chromium: Chromium Android fails when SSL server gives a empty protocol list in NPN extension in a ServerHello message.
Print | Individual message | Show original | Find messages by this author

Comment #2 on issue 131769 by j...@chromium.org: Chromium Android fails  
when SSL server gives a empty protocol list in NPN extension in a  
ServerHello message.
http://code.google.com/p/chromium/issues/detail?id=131769

The call sequence was (in ssl_client_socket_openssl.cc)
SSLClientSocketOpenSSL::DoHandshake() ->
MapOpenSSLError(int err, const crypto::OpenSSLErrStackTracer& tracer)->
MapOpenSSLErrorSSL().

In MapOpenSSLErrorSSL, the OpenSSL error SSL_R_PARSE_TLSEXT(227) maps to  
ERR_FAILED in default switch.


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
chrom...@googlecode.com  
View profile  
 More options Jun 14 2012, 1:17 am
From: chrom...@googlecode.com
Date: Thu, 14 Jun 2012 05:17:33 +0000
Local: Thurs, Jun 14 2012 1:17 am
Subject: Re: Issue 131769 in chromium: Chromium Android fails when SSL server gives a empty protocol list in NPN extension in a ServerHello message.
Print | Individual message | Show original | Find messages by this author

Comment #3 on issue 131769 by bugdro...@chromium.org: Chromium Android  
fails when SSL server gives a empty protocol list in NPN extension in a  
ServerHello message.
http://code.google.com/p/chromium/issues/detail?id=131769#c3

The following revision refers to this bug:
     http://src.chromium.org/viewvc/chrome?view=rev&revision=142098

------------------------------------------------------------------------
r142098 | j...@chromium.org | Wed Jun 13 22:05:49 PDT 2012

Changed paths:
  M  
http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/ssl_client...

Select the first protocol from the next protocol list of SSLConfig if If we  
didn't find a protocol.

It's possible that there is no overlap between the server advertised  
protocols and SSL client advertised protocols. And Server even can give a  
empty protocol list in NPN extension in a ServerHello message.
In this case, the SSL client should pick up the first protocol from the  
next protocol list of SSLConfig.

BUG=131769
TEST=None
Review URL: https://chromiumcodereview.appspot.com/10532061
------------------------------------------------------------------------


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
chrom...@googlecode.com  
View profile  
 More options Jun 19 2012, 6:22 am
From: chrom...@googlecode.com
Date: Tue, 19 Jun 2012 10:22:26 +0000
Local: Tues, Jun 19 2012 6:22 am
Subject: Re: Issue 131769 in chromium: Chromium Android fails when SSL server gives a empty protocol list in NPN extension in a ServerHello message.
Print | Individual message | Show original | Find messages by this author
Updates:
        Status: Fixed

Comment #4 on issue 131769 by j...@chromium.org: Chromium Android fails  
when SSL server gives a empty protocol list in NPN extension in a  
ServerHello message.
http://code.google.com/p/chromium/issues/detail?id=131769

(No comment was entered for this change.)


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
chrom...@googlecode.com  
View profile  
 More options Sep 12 2012, 9:01 am
From: chrom...@googlecode.com
Date: Wed, 12 Sep 2012 13:01:22 +0000
Local: Wed, Sep 12 2012 9:01 am
Subject: Re: Issue 131769 in chromium: Chromium Android fails when SSL server gives a empty protocol list in NPN extension in a ServerHello message.
Print | Individual message | Show original | Find messages by this author

Comment #5 on issue 131769 by i...@daniel-baran.de: Chromium Android fails  
when SSL server gives a empty protocol list in NPN extension in a  
ServerHello message.
http://code.google.com/p/chromium/issues/detail?id=131769

there is the same error with https://android.dab-server.de/ Is this a  
Client- or a Server-Problem?


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
chrom...@googlecode.com  
View profile  
 More options Sep 12 2012, 9:51 am
From: chrom...@googlecode.com
Date: Wed, 12 Sep 2012 13:51:17 +0000
Local: Wed, Sep 12 2012 9:51 am
Subject: Re: Issue 131769 in chromium: Chromium Android fails when SSL server gives a empty protocol list in NPN extension in a ServerHello message.
Print | Individual message | Show original | Find messages by this author

Comment #6 on issue 131769 by a...@chromium.org: Chromium Android fails  
when SSL server gives a empty protocol list in NPN extension in a  
ServerHello message.
http://code.google.com/p/chromium/issues/detail?id=131769

info: yes, it appears to be the same problem. The server's behaviour is  
suboptimal, but not strictly invalid. The client should tolerate it but I  
suspect that the fix just hasn't made it into a Chrome Android release yet.


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
chrom...@googlecode.com  
View profile  
 More options Oct 2 2012, 2:57 am
From: chrom...@googlecode.com
Date: Tue, 02 Oct 2012 06:57:21 +0000
Local: Tues, Oct 2 2012 2:57 am
Subject: Re: Issue 131769 in chromium: Chromium Android fails when SSL server gives a empty protocol list in NPN extension in a ServerHello message.
Print | Individual message | Show original | Find messages by this author

Comment #7 on issue 131769 by jonat...@ernstfamily.ch: Chromium Android  
fails when SSL server gives a empty protocol list in NPN extension in a  
ServerHello message.
http://code.google.com/p/chromium/issues/detail?id=131769

A new version of Android for Chrome was released some days ago and the bug  
is still not fixed.

In my case we have disabled SPDY for one of our non-thread safe domain and  
this triggers the bug on Chrome on Android.

In the meantime is there a way to specify a non empty list in this  
virtualhosts config?


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
chrom...@googlecode.com  
View profile  
 More options Dec 4 2012, 1:57 pm
From: chrom...@googlecode.com
Date: Tue, 04 Dec 2012 18:57:56 +0000
Local: Tues, Dec 4 2012 1:57 pm
Subject: Re: Issue 131769 in chromium: Chromium Android fails when SSL server gives a empty protocol list in NPN extension in a ServerHello message.
Print | Individual message | Show original | Find messages by this author

Comment #9 on issue 131769 by simpf...@gmail.com: Chromium Android fails  
when SSL server gives a empty protocol list in NPN extension in a  
ServerHello message.
http://code.google.com/p/chromium/issues/detail?id=131769

Here is another site that fails with (I presume) this issue:

https://bugzilla.samba.org

I lodged a bug with them, but it looks to be a Chrome/Chromium issue more?

Here's their bug report:

https://bugzilla.samba.org/show_bug.cgi?id=9441

but don't try and go there from Android Chrome as it will fail due to this  
bug :)


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
chrom...@googlecode.com  
View profile  
 More options Jan 15, 3:46 pm
From: chrom...@googlecode.com
Date: Tue, 15 Jan 2013 20:46:59 +0000
Local: Tues, Jan 15 2013 3:46 pm
Subject: Re: Issue 131769 in chromium: Chromium Android fails when SSL server gives a empty protocol list in NPN extension in a ServerHello message.
Print | Individual message | Show original | Find messages by this author

Comment #10 on issue 131769 by mike.gau...@gmail.com: Chromium Android  
fails when SSL server gives a empty protocol list in NPN extension in a  
ServerHello message.
http://code.google.com/p/chromium/issues/detail?id=131769

Did the fix make it into any released versions of Chrome on Android?


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
chrom...@googlecode.com  
View profile  
 More options Jan 30, 7:45 am
From: chrom...@googlecode.com
Date: Wed, 30 Jan 2013 12:45:37 +0000
Local: Wed, Jan 30 2013 7:45 am
Subject: Re: Issue 131769 in chromium: Chromium Android fails when SSL server gives a empty protocol list in NPN extension in a ServerHello message.
Print | Individual message | Show original | Find messages by this author

Comment #11 on issue 131769 by jamescle...@gmail.com: Chromium Android  
fails when SSL server gives a empty protocol list in NPN extension in a  
ServerHello message.
http://code.google.com/p/chromium/issues/detail?id=131769

Still getting this on above sites and  
https://www.brightonfeministcollective.org.uk/

If it helps, here's my SSL configuration. Server is Apache 2.4. Works on  
everything I've tested with (Android stock browser, Chromium desktop,  
Chrome desktop, Firefox desktop, Firefox mobile, Lynx, cURL, wget, httpie).

     SSLEngine on
     SSLProtocol -ALL +TLSv1.2 +TLSv1.1 +TLSv1
     SSLHonorCipherOrder On
     SSLCipherSuite  
ECDHE-RSA-AES256-SHA384:AES256-GCM-SHA384:RC4-SHA:!ADH:!MD5:!aNULL:!EDH
     SSLCompression Off


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google