We are getting the following error message "ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION" when trying to access our website. Are there any fixes or workarounds for this?
To unsubscribe from this group and stop receiving emails from it, send an email to security-dev...@chromium.org.
Sounds like you are using an old version of the protocol (SSL 2?). I guess adding support for TLS 1.2 would fix this.
We addwe support for TLS 1.2 yesterday.
But the site uses 2008 SQL server which I've heard is not compatible with the updates protocol, could that be the issue?
https://www.benefitsconnect.net/admin
Yes it is behind a firewall and a load balancing product, any idea of a workaround?
Is there a way to rollback to an earlier version of Chrome, which works smoothly with all sites? It would be a pity to switch to another browser because of this small bug.
To unsubscribe from this group and stop receiving emails from it, send an email to security-dev...@chromium.org.
It is the main students' portal at the University of Oklahoma:
Thanks!
Ignat
What a cryptic message for non techy users...
"SSL server probably obsolete."
This is pathetic situation, we are experiencing off-late, it used to work earlier. Latest chrome ( v45) we see this issue often.
Unable to login to most of the websites as well.
Time to move to a different browser :)
-Prasad
We've installed a new load balancer. The load balancer we had didn't support the upgrade. At present we are redirecting our web servers so that they don't hit the load balancer. This is the temp solution. Once the new one is up and running we will add the servers.
Thank you for all your help.
We've installed a new load balancer. The load balancer we had didn't support the upgrade. At present we are redirecting our web servers so that they don't hit the load balancer. This is the temp solution. Once the new one is up and running we will add the servers.
Thank you for all your help.
On Mon, 14 Sep 2015 16:22:05 +0000
David Benjamin <davi...@chromium.org> wrote:
> It seems to negotiate SSL 3.0 when you offer TLS 1.1 or TLS 1.2, but
> TLS 1.0 if you offer TLS 1.0! SSL 3.0 is now forbidden, so those
> handshakes fail. Both Chrome and Firefox have rather liberal fallback
> conditions, so that triggers the fallback and (used to) eventually
> work when going down to TLS 1.0.
Ah that's interesting to learn.
Are you aware of a test tool that is capable of detecting and
separating the various variants of version intolerance? Might be handy
to have something.
I will ping Ivan, maybe he wants to update SSL labs check on it.
On Mon, Sep 14, 2015 at 12:40 PM Hanno Böck <ha...@hboeck.de> wrote:On Mon, 14 Sep 2015 16:22:05 +0000
David Benjamin <davi...@chromium.org> wrote:
> It seems to negotiate SSL 3.0 when you offer TLS 1.1 or TLS 1.2, but
> TLS 1.0 if you offer TLS 1.0! SSL 3.0 is now forbidden, so those
> handshakes fail. Both Chrome and Firefox have rather liberal fallback
> conditions, so that triggers the fallback and (used to) eventually
> work when going down to TLS 1.0.
Ah that's interesting to learn.
Are you aware of a test tool that is capable of detecting and
separating the various variants of version intolerance? Might be handy
to have something.My testing tool is "try it in Chrome and look at net-internals", followed by "play around with BoringSSL's command-line client, optionally with flags that match Chrome's ClientHello", followed by "play with other browsers and look at Wireshark". :-)It's hard to do a definitive test that's not actually trying it in a browser. E.g. this particular one only manifests if you forbid SSL 3.0. I've seen evidence of servers which implement TLS 1.2 client auth wrong, so it only manifests if you try to authenticate. I've also seen servers that implement AES-GCM wrong, so that only manifests if you complete the handshake.
Online check-in on TAAG https://fastcheck.sita.aero/cce-presentation-web-dt/entryUpdate.do also don't work. I had to use Microsoft Internet Explorer.
--
You received this message because you are subscribed to the Google Groups "Security-dev" group.
--
You received this message because you are subscribed to the Google Groups "Security-dev" group.