Google Crome version 6 does not use Windows SChannel SSP
485 views
Skip to first unread message
Max...@list.ru
Oct 3, 2010, 4:40:51 AM10/3/10
to Chromium-discuss
Hi All,
I have found an issue with version 6 of Chrome browser (not sure it is
related to Chromium, but there is not binary distribution to test).
I have a non-standard cipher suite configured within my Windows
SChannel SSP. With versions 5 & 4 Google Chrome just used Windows SSP
interface to setup a TLS connection to a secure server, and everything
worked fine. However, version 6 seems to completely ignore Windows SSP
API and, it looks like, uses its internal SSL/TLS implementation to
connect to secure sites.
Here is the question - is there a way to restore the previous
version's behavoir?
Best regards
I have found an issue with version 6 of Chrome browser (not sure it is
related to Chromium, but there is not binary distribution to test).
I have a non-standard cipher suite configured within my Windows
SChannel SSP. With versions 5 & 4 Google Chrome just used Windows SSP
interface to setup a TLS connection to a secure server, and everything
worked fine. However, version 6 seems to completely ignore Windows SSP
API and, it looks like, uses its internal SSL/TLS implementation to
connect to secure sites.
Here is the question - is there a way to restore the previous
version's behavoir?
Best regards
PhistucK
Oct 3, 2010, 4:52:28 AM10/3/10
to Max...@list.ru, Chromium-discuss
--use-system-ssl, I guess.
Though not recommended, I suppose.
☆PhistucK
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss
PhistucK
Oct 3, 2010, 5:57:45 AM10/3/10
to Max...@list.ru, Chromium-discuss
No, this is a command line switch that is available for the official build at runtime. Just add it.
Close Chrome entirely (Wrench-->Exit).
Start menu-->Run...-->chrome.exe --use-system-ssl-->OK.
☆PhistucK
On Sun, Oct 3, 2010 at 11:47, Max...@list.ru <Max...@list.ru> wrote:
Thanks for the reply.
However, I guess you mean that the distribution has to be rebuilt with
the switch.
But I need a capability to use the Windows SSP within the official
release :(
On Oct 3, 12:52 pm, PhistucK <phist...@gmail.com> wrote:
> --use-system-ssl, I guess.
> Though not recommended, I suppose.
> ☆*PhistucK*
>
>
>
> On Sun, Oct 3, 2010 at 10:40, Max2...@list.ru <Max2...@list.ru> wrote:
> > Hi All,
>
> > I have found an issue with version 6 of Chrome browser (not sure it is
> > related to Chromium, but there is not binary distribution to test).
>
> > I have a non-standard cipher suite configured within my Windows
> > SChannel SSP. With versions 5 & 4 Google Chrome just used Windows SSP
> > interface to setup a TLS connection to a secure server, and everything
> > worked fine. However, version 6 seems to completely ignore Windows SSP
> > API and, it looks like, uses its internal SSL/TLS implementation to
> > connect to secure sites.
>
> > Here is the question - is there a way to restore the previous
> > version's behavoir?
>
> > Best regards
>
> > --
> > Chromium Discussion mailing list: chromium-disc...@chromium.org
Max...@list.ru
Oct 3, 2010, 7:51:22 AM10/3/10
to Chromium-discuss
Thank a lot.
That command line switch just made my day ;) Another question please -
what was the reason for ignoring Microsoft SChannel SSP altogether?
On 3 окт, 13:57, PhistucK <phist...@gmail.com> wrote:
> No, this is a command line switch that is available for the official build
> at runtime. Just add it.
> Close Chrome entirely (Wrench-->Exit).
> Start menu-->Run...-->chrome.exe --use-system-ssl-->OK.
>
That command line switch just made my day ;) Another question please -
what was the reason for ignoring Microsoft SChannel SSP altogether?
On 3 окт, 13:57, PhistucK <phist...@gmail.com> wrote:
> No, this is a command line switch that is available for the official build
> at runtime. Just add it.
> Close Chrome entirely (Wrench-->Exit).
> Start menu-->Run...-->chrome.exe --use-system-ssl-->OK.
>
PhistucK
Oct 3, 2010, 7:58:31 AM10/3/10
to Max...@list.ru, Chromium-discuss
My guess is that it is done in order to support several SSL enhancements, like Snap Start, False Start, but I am not familiar with these features enough to know whether they really need a different SSL implementation (which I understand SChannel\NSS are).
They are working on feature parity (one of the first items in this page) with SChannel, anyway, so I guess once that is done, Chrome will understand your different settings, or let you have another way of configuring them (not sure, though).
☆PhistucK
--
Chromium Discussion mailing list: chromium...@chromium.org
Max...@list.ru
Oct 3, 2010, 4:15:30 PM10/3/10
to Chromium-discuss
Thank you for the link.
Unfortunately, from what I read, they plan to move to NSS library, and
to ignore Microsoft SChannel altogether. Thus they would be ignoring
all the TLS cipher suites that are registered as CNG SSL providers.
Thats basically puts an end to Google Chrome pairing with Russian GOST
cryptographic standards...
On 3 окт, 15:58, PhistucK <phist...@gmail.com> wrote:
> My guess is that it is done in order to support several SSL enhancements,
> like Snap Start, False Start, but I am not familiar with these features
> enough to know whether they really need a different SSL implementation
> (which I understand SChannel\NSS are).
>
> They are working on feature parity (one of the first items in this
> page<http://dev.chromium.org/developers/design-documents/network-stack>)
Unfortunately, from what I read, they plan to move to NSS library, and
to ignore Microsoft SChannel altogether. Thus they would be ignoring
all the TLS cipher suites that are registered as CNG SSL providers.
Thats basically puts an end to Google Chrome pairing with Russian GOST
cryptographic standards...
On 3 окт, 15:58, PhistucK <phist...@gmail.com> wrote:
> My guess is that it is done in order to support several SSL enhancements,
> like Snap Start, False Start, but I am not familiar with these features
> enough to know whether they really need a different SSL implementation
> (which I understand SChannel\NSS are).
>
> They are working on feature parity (one of the first items in this
> with SChannel, anyway, so I guess once that is done, Chrome will understand
> your different settings, or let you have another way of configuring them
> (not sure, though).
>
> your different settings, or let you have another way of configuring them
> (not sure, though).
>
PhistucK
Oct 4, 2010, 2:54:30 AM10/4/10
to Max...@list.ru, Chromium-discuss
I am not familiar with this area, but you might want to request support for it (in an NSS compatible way) at new.crbug.com (be sure to search for existing feature requests in this matter at crbug.com). Maybe they will consider implementing it - who knows.
☆PhistucK
Chromium Discussion mailing list: chromium...@chromium.org
Marc-Antoine Ruel
Oct 4, 2010, 11:39:07 AM10/4/10
to phis...@gmail.com, Max...@list.ru, Chromium-discuss
Reply all
Reply to author
Forward
0 new messages