After I changed the OS (Debian to Ubuntu), webmidi support acted weirdly in Chromium and Opera. It seems it can’t be enabled any more: the page https://webmidi.info/ tells Access to WebMIDI is denied without any tooltip to ask permission.
I tried to enable Insecure origins treated as secure in chrome://flags, but it didn’t change the problem.
Also, depending on the application I test, I can get the error WebMidi could not be enabled. DOMException: Platform dependent initialization failed. in the console.
With my previous system, webmidi was supported and enabled smoothly in Chrome, Chromium and Opera.
Related
I was debugging a situation, where chrome keeps saying it is managed by third party organization. Whether it was due to the malware or not is yet to be seen. What bothers me that some process in Windows keeps creating the HKEY_LOCAL_MACHINE\Software\Google\Chrome\NativeMessagingHosts\ registry entries even if I uninstall Chrome. Whether the key is created by legit app or malware it seems that native applications can communicate with chrome without user noticing or having mechanisms to disable the communication.
Now I am really concerned by the security issues connected with the existence of the mechanism of communication between browser and native applications through native messaging see here. I would prefer my browser not being able to see other applications in the system and other applications to see that browser is running or at least have an option to sandbox the browser and isolate it from native applications.
Is there a way to disable this kind of communication in Chrome and in the host system, in my case Windows but I would be interested in Linux as well.
I have several devices that have invalid SSL certificates, mostly old routers,iDRAC,iLO etc.
It now appears to be impossible to access these devices via Chrome and Firefox.
In the past I have been able to add exceptions to access these devices, but I no longer seem to get the options.
Now I understand fully that these devices should be upgraded and I know there are very big risks when ignoring certificate errors, so please do not put a ton of replies telling me to upgrade, as this is not always possible, some of these devices do not any any upgrades available! also how do you upgrade a device that can be upgraded if you cant access it in the first place?
So the question is, is it possible to tell Chrome or Firefox to ignore all SSL/Certificate errors (like invalid certificate or incorrect SSL version), or is there an alternative browser that will work in there place that still allows things like javascript etc to run. I have tried a few browsers in the falcon/surf/hv3 but none of these work.
I cant find any method for the latest versions of chrome and the only thing I could find for firefox was 'security.ssl.enable_ocsp_stapling' and that didn't seem to make any difference :(
I would prefer to use my current install rather than creating a VM and running a totally outdated OS, which also creates problems with SSH and VPN access.
As request, example of error accessing old draytek router via firefox, no option given to bypass:
Secure Connection Failed
An error occurred during a connection to IP-ADDR.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the web site owners to inform them of this problem.
Chrome error when trying to access HP iLO, get option to ignore, but then get :
This site can’t be reached
The web page at https://IP-ADDR/login.htm might be temporarily down or it may have moved permanently to a new web address.
ERR_SSL_BAD_RECORD_MAC_ALERT
But in general looking to be able to access sites that chrome & firefox have decided in the last year or so that I am incapable of deciding if I trust the site (emphases on the 'I').
Both of these errors do not seem to be related to the certificate at all and can therefore not be solved by ignoring certificate problems. These are not trust problems but these are protocol incompatibility problems.
The problem with HP iLO is likely because the device supports only SSL 3.0 which is insecure for years and thus is not usable in any modern browser and OS. The problem with the Draytek router is not fully clear (there should be more information available in the browser) but it is likely similar, i.e. only SSL 3.0 or some unsupported because insecure cipher like RC4.
One option to deal with these devices is to install some older OS (like Ubuntu 12.04 or even older) in a virtual machine and use the browser from this machine to access the device. And of course note that these devices are long out of support and continued use might cause security risks.
I am trying to access a site that requires an SSL key. I am using Chrome (latest) on Mac OSX 10.14.4.
Browsing the site I get the following error:
This site can’t provide a secure connection site.com didn’t accept
your login certificate, or one may not have been provided. Try
contacting the system admin.
ERR_BAD_SSL_CLIENT_AUTH_CERT
I can access the site on Safari, Firefox, and Chrome for Windows (using a VM). It is only Chrome for Mac that gives me an error.
When I access the SSL keys in the Chrome Preferences, I am taken to the OSX Keychain app.
The key exists in the keychain, and the permissions are set to allow use from any app (I have also tried setting this to manual and specifically setting allow with Chrome).
When I browse to the site in chrome, I am asked to pick the SSL key to use - the key is detected and I select it from the list (it is the only one available anyway).
I am completely out of ideas. Any thoughts on what I can do to fix this?
I am not able to launch the Nokia RDA, Getting this error message:
Unable to initiate server communication. Please verify that you do not have firewall software preventing the Remote Device Access process (javaw.exe) from accessing apu.ndhub.net, TCP port 1,200.
I am afraid how to do this...
In order to use that, Check these requirements
JavaScript must be enabled.
Browser must be Firefox v2+, Internet Explorer v7+, Opera v9.6+ or Safari v3.
Java Web Start must be installed.
If the problem persist, please check your Java installed version is up to date and also your browser belongs to the version required. Hope it helps you.
I've got a web site that uses SSL Client certificate authorization.
All client certificates are generated using OpenSSL and are self-signed. Everything worked with all web-browsers, but the recommended one was Google Chrome, because it uses same SSL warehouse as IE, so certificate installation was pretty easy (click-click-password-done!).
After last update of Google "Chrome 29.0.1547.57 m", noone can access my web-server, even me.
Google chrome error only! IE and FF working fine.
Error is: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED.
Same in server error log.
Do you have any suggestions?
The problem is that most part of clients are non familiar with PC's and they got very frightened about that situation. So phone support guys are under the wave of calls.
We are experiencing the same problem. As Sean has reported, it seems that Chrome on Windows XP
negotiates TLSv1.2 even though the operating system does not support SHA-2 (say, SHA-256 or SHA-384)
hash function.
We found that Chrome fails when it receives "client certificate request" following SERVER HELLO.
SERVER HELLO itself negotiates RC4-SHA1 (in our environment) which should succeeds. The problematic
packet seems the "client certificate request" that includes SHA-2 (as well as SHA1) functions for hashes.
Invoking Chrome with "--enable-logging --log-level=0" outputs the following message:
ERROR:nss_ssl_util.cc(193)] ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED: NSS error -12222, OS error -2146893816
This is an Operating system error corresponding "NTE_BAD_ALGID" for CryptSignHash function:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa380280(v=vs.85).aspx
Disabling TLSv1.2 on the server should fix the problem. But I think Chrome should prefer SHA1 on Windows XP.
I'm experiencing the same thing here with Windows7 client systems unable to authenticate with client certificates against some of our systems, but not others. The affected servers are running Apache Tomcat while the unaffected are running IIS7, though I'm hesitant to identify that difference as the culprit.
Anyone else seeing this?
EDIT:
I'm able to eliminate the problem by disabling TLSv1.2 on the server. Is anyone else able to replicate this experience?
I would also be interested to know whether anyone else is seeing this on anything but the Windows platform, as it's the only place it's happening here (same version OSX has no issues).
EDIT2:
Chrome Bug Report here: https://code.google.com/p/chromium/issues/detail?id=278370
EDIT3:
Should be working again in latest Chrome stable. Chrome 30 will have a more robust fix, but 29.x should also work now.
I recently had a similar issue in Chrome on Mac OS. It worked fine with Firefox, but started failing in Chrome and Safari after changing my corporate (AD) credentials -- I guess the issue was a mismatch between system creds and the keychain creds.
The solution for me was a reset of the private key(s) access permissions in the Keychain Access app.
To do the reset:
In Keychain Access app right-click each private key that fails and select "Get Info".
Go to "Access Control" tab and set "Allow all applications to access this item" -- click on that option even if it's already set. Then click Save Changes.
Refresh the website that fails and you should be prompted to enter keychain password -- enter it and select Allow Always.
It is combination of Win XP and Google Chrome 29.0.1547.57 m
On Win 7/8 this problem doesn't occur.
You could install older working version 28.0.1500.95
http://www.filehippo.com/download_google_chrome/15657/
But settings for disabling updating are not so easy.
http://dev.chromium.org/administrators/turning-off-auto-updates
The problem is caused by Chrome running TLSv1.2 on Windows XP.
This can be disabled on the server side but also on the client side.
To run Chrome with a lower version of TLS, start it with the command-line option --ssl-version-max=tls1.1
I had this problem Connecting Chrome with WebSockets to apache throw proxy_wstunnel_module.
My solution was configuring httpd.conf
ProxyPass /wss2/ ws://127.0.0.1:8080/ retry=0 keepalive=On
ProxyPassReverse /wss2/ ws://127.0.0.1:8080/ retry=0
<Location /wss2/>
SSLRequireSSL On
SSLVerifyClient none
SSLVerifyDepth 1
SSLOptions +StdEnvVars +StrictRequire
SSLRenegBufferSize 10486000
</Location>
Chrome WebSockets does not like the parameter SSLVerifyClient optional
I hope this helps.