I am suddenly getting the following error message when trying to connect to an "wss" WebSocket connection string in Chrome that is not happening in Firefox:
Error in connection establishment: net::ERR_SSL_OBSOLETE_VERSION
My current version of Chrome is: Version 81.0.4044.34 (Official Build) beta (64-bit).
I'm guessing this is due to an update since I was able to connect to the same WebSocket connection string recently and the SSL certificate is the same one I have been using for a while and is valid when I use Firefox.
I have started looking around for documentation on this issue but haven't found anything yet.
Chrome is deprecating support for TLS 1.0 and 1.1. I modified the code for my WebSocket server by enabling support for TLS 1.2 and that fixed the issue.
Related
I am getting an error when using my certificate to connect to an offline device.
TLS 1.2 Alert Level Fatal: Certificate Unknown is the error that is seen in wire shark.
Seeing this behavior in Chrome Version 73.0.3683.103 (Official Build) (64-bit) and later.
The same scenario was working properly in chrome 72.
Tried to add our self signed certificate to the chrome certificate store but still getting the same error.
Not sure whether anything is wrong with the certificate, as after a few refreshes the web page loads properly.
Some connections are being rejected with this error but some connections are being accepted which is causing the page to load after a few refreshes.
I have installed latest Chrome Version 68.0.3440.84 (Official Build) (64-bit)
on Windows 7 Home Premium
When I access google.com/youtube.com I get following error:
Your connection is not private
Attackers might be trying to steal your information from www.google.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
I have tried importing the certificate as mentioned in Getting Chrome to accept self-signed localhost certificate, but that didn't help
I can access google.com from Mozilla Firefox without any error
My laptop time is up to date
Any pointers will be very helpful
Resolved the issue by Installing the certificate from : https://secure.globalsign.net/cacert/Root-R2.crt in chrome
I have enabled SSL for tomcat 8 and my website is working fine in Internet Explorer,but in chrome it is giving me certificate error.
I am running on updated chrome version,may i know if am missing anything.
Thanks,
Vikram
I have upgraded my Chrome to 58 and found the secured WebSocket isn't working any more, the console shows (WebSocket connection to 'wss://127.0.0.1:1234/' failed: Error in connection establishment: net::ERR_INSECURE_RESPONSE), I know Google has deprecated the SHA1 certificate, so created a new self-signed certificate with SHA256, but it still doesn't work, so is the self-signed cert not allowed in this scenario? (I'm using "new WebSocket("wss://127.0.0.1:1234")")
It turns out that the certificate should have a subjectAltName with "IP = 127.0.0.1" for my cert to work in Chrome58, not sure if it's a Chrome bug or new requirement
Edit: Please see #Edgar's answer. subjectAltName seems to have become a requirement for self-signed certificates since Chrome 58.
It appears the OP has asked this problem to Google Help Community as well. The response from Google Help Community is:
"I see that you are using Chrome Beta which is an experimental version of Chrome in which new features are tested. I'd recommend to use Chrome Stable which has gotten the full testing and is the updated version. It is the best bet to avoid crashes and other issues."
For now, that should be marked as the correct answer. I just tested wss://localhost on Chrome 59 (Canary/Beta) and it's working.
Note, moving forward, this functionality is subject for removal due to Chromium issue #378566 due to the security implications. For those of us requiring wss:// in this fashion, we should receive deprecation warnings prior to removal. As of Chrome 59 (Canary/Beta), this deprecation is not present.
Since I have updated Chrome from Version 40 to 41, I no longer can access my ssl site running in a local tomcat 7 instance. I have a self signed certificate.
Chrome just prints This webpage is not available together with ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
I already tried the chrome://flags switch Minimum SSL/TLS version supported to SSLv3, which did not work.
I had the same problem with my Java EE web application running with a self signed certificate on Wildfly 8.1.
You are probably using a 1024 bit DSA public key with your selfsigned certificate and Chrome stops/stopped supporting DSA(DSS).
Creating a RSA 2048 certificate and using it with your web application should solve your problem.
I doubt its an SSL/TLS protocol version problem. Most of the time this error means the server and client couldn't agree on which cipher to use. Take a look at this blog post: https://blog.eveoh.nl/2014/02/tls-ssl-ciphers-pfs-tomcat/ on how to enable a secure and compatible cipher suite in Tomcat.
In the Tomcat server.xml file you can set ciphers attribute in the SSL/TLS <connector/> element.
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,
SSL_RSA_WITH_RC4_128_SHA"
This solved the problem in my case for ERR_SSL_VERSION_OR_CIPHER_MISMATCH in Chromium / Chrome and for ssl_error_no_cypher_overlap in Firefox.
If you came here from Google and since this is the highest ranking 'ERR_SSL_VERSION_OR_CIPHER_MISMATCH' entry:
another explanation is that you started an nodejs https or express server with invalid or empty credentials. The irritating bit is that the server starts without complaining and ssl seems to work, but the negotiation between browser and server fails with this error.