Websocket failure with SSL

[woosun han]

My websocket program hasn't been working for a while.
The developer tool console comes out like
"WebSocket connection to 'wss://localhost:8181/' failed"

And Chrome debugging comes out as follows.
[27396:26384:1006/171839.450:ERROR:ssl_client_socket_impl.cc(983)] handshake failed; returned -1, SSL error code 1, net_error -208

ws://localhost:8181/ works well and wss:// doesn't.
Also some PC has a problem with connection, and some PC works fine.
I don't know what is problem(Chrome version, Chrome configuration, SSL Certificate, and so on.. )
Can anybody help me?

[Adam Rice]

Sorry for the unhelpful console message.

Error -208 is ERR_CERT_WEAK_SIGNATURE_ALGORITHM. It sounds like a problem with the server configuration.

You can get a bit more information by collecting a "NetLog" using the instructions at https://www.chromium.org/for-testers/providing-network-details/ and then viewing it using https://chromium.googlesource.com/catapult/+/HEAD/netlog_viewer/.

--
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-dev...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/ee97ad36-f3ef-4b39-bc34-c79818ec142bn%40chromium.org.

[woosun han]

Thank you.

We've been using sha1 certificate for SSL, and it worked after chaged the certificate with sha256. 

Has the check algorithm in Chrome related to the certificate been change recently?

2022년 10월 6일 목요일 오후 6시 24분 31초 UTC+9에 ri...@chromium.org님이 작성:

[Mike Frysinger]

if you Google for "Chrome sha1 certificate", you find many relevant hits.

https://www.chromium.org/Home/chromium-security/education/tls/sha-1/

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/33321566-0aca-4e77-bcb8-e08a3c5d4473n%40chromium.org.

[woosun han]

I understand Chrome's plans to deprecate SHA-1 certificates. However, our application had no issues with the SHA-1 certificate so far, but recently an issue has occurred on serveral client. There are some client with the same SHA-1 certificate, but some client are normal. I checed that there is no difference between the EnableSha1ForLocalAnchors option or the -ignore-cetificate-errors option. I wanna know there is another option or the algorithm chaged recently.

2022년 10월 13일 목요일 오전 11시 44분 19초 UTC+9에 Mike Frysinger님이 작성:

[David Benjamin]

SHA-1 is quite broken, and Chrome stopped accepting SHA-1 certificates over than five years ago. It is long long past time for your application to migrate off of SHA-1 certificates.

What changed specifically now, and what has happened with the admin policy, I'm not sure. If you attach a NetLog, as requested earlier in the thread, we can try to diagnose that. But either way you should move off SHA-1.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/76018ca3-7e7e-48b1-a345-270046080880n%40chromium.org.