ERR_SSL_VERSION_OR_CIPHER_MISMATCH when surfing to subdomains of Google - google-chrome

Very strange, I can surf to every website I try. Except subdomains of google.com.
ex; firebase.google.com or photos.google.com or analytics.google.com ...
(I am enable to do normal google searches though)
When I go to these sites Google Chrome returns following error:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
And it says x.google.com doesn't use a supported protocol.
Same result when using FireFox:
SSL_ERROR_NO_CYPHER_OVERLAP
Microsoft Edge also raises an error, saying something about the TLS-configuration
As I found it very difficult to believe this is an issue caused by the Google side, I tried two things:
Cleared my cookies
Cleared SSL certificates
But no result.. Any idea's?

You may get this error as the website is still encrypted with the older RC4 or SHA-1 algorithm.
You must check the status of the Cipher-suit of the website, it will help you to understand the correct concern and you can solve the issue.

Related

Website/domain being blocked by google in Google Chrome

Since few days we are experiencing an issue in one of our a domain named "id-validation.us".
Google is blocking this domain on browsing from google-chrome. We tried to rectify the issue and found that google blocking all hits which is being done to id-validation.us. We are using a wildcard certificate on this domain and certificate is fine as it is working well on rest of the domain. We tried to remove the code from a web server as well but the result is still same.
Google is throwing below error once you browse the website from google-chrome. Currently, an index.html file is placed on this web-server for this domain but the response is same.
error message
Can someone help me find the solution to this problem?
You may have some automated script that may affect the computer or browser settings. Google recognizes any automatic redirection or setting-changing code in a server/website as malware.

Gmail not working in chrome..

I am trying to open my gmail account. I am not able to. I am getting this error:
This site can’t be reached
mail.google.com refused to connect.
Try:
Reloading the page
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
Other services are working fine.
One thing I have observed is, when I tried to open gmail in IE, its default language was portuguise(Brasil). When I tried to change it to English, I am getting this error in IE:
The webpage cannot be found
HTTP 404
Most likely causes:
•There might be a typing error in the address.
•If you clicked on a link, it may be out of date.
What you can try:
Retype the address.
Go back to the previous page.
Go to and look for the information you want.
More information
I have tried clearing browser data. Chrome is up-to-date. So what might be the problem.. Please help me.
One option you can try is to remove chrome and install a previous version and see if that helps. We had a similar scenario a few months ago and that sorted the problem out.

Google Chrome Client Certificate Popup

I'm implementing a mutual authentication for my client in order to solve not having to continually whitelist some of the agencies with a dynamic ip. The process works fine in all browsers that I've tried in the Windows environment (Windows 7).
The problem is that there is a popup for every time that the user goes to the site. On most browsers, this is a one time occurrence, when you first go to the site for the day. On Google Chrome, however, the popup occurs on what appears to be every POST/GET request. I found how to disable the popup for IE and FF with this link: http://docs.threerings.org.uk/wiki/Certificates_without_prompting, but there is still the problem with Chrome.
I've tried to install the certificate into the Trusted Root Certification Authorities, but I get an error message, "The import failed because the store was read-only, the store was full, or the store did not open correctly.".
If anyone has an idea on what I can do to get around the pop-up for Chrome, it would be greatly appreciated.
This is what you're looking for:
http://www.chromium.org/administrators/policy-list-3#AutoSelectCertificateForUrls
I could tell you how to do it exactly, but my honest opinion is that this is something you have to work out yourself. You need to know what is going on because you are more than likely to run into bugs (not bugs per-se but some undesired or unwanted results).
I have to admit that Google Chrome and Chromium are great browsers, but when it comes to client certificates, they have a lot of improvements to be made.
Just some extra info on this that may help people.
The first part references the CFBundleIdentifier which you can find in the Contents folder then info.plist. Click you Application and then show package contents then you should see it.
So I had to do this for Chromium for Tizen debugging below worked obviously use your CN name.
defaults write org.chromium.Chromium AutoSelectCertificateForUrls -array-add -string '{"pattern":"*","filter":{"ISSUER":{"CN":"Entrust Certification Authority"}}}'

How to preserve SSL with HTML5 application cache

I have an existing site that works fine over http and https (SSL). The SSL certificate is valid and can be confirmed by inspecting in the browser.
I am starting to use a manifest file to enable the HTML5 application cache on my website. This is useful for making the page load faster, and eventually for offline capabilities. This is working great when using a regular http connection. The problems happens when accessing the site over https (SSL). When I do this, I can access my website's content just fine, and the URL says "https" however I see the following behavior:
Safari: It displays the lock icon, but when I click the lock icon to inspect the certificate, it says that the certificate is invalid.
Firefox: Does not display the colored address bar indicating encryption, and when inspecting the certificate, it says that there is no certificate.
Chrome and Opera: Correctly displays the secure nature of the URL, and when clicking the lock icon it displays the SSL certificate information. Yes!
I understand that using the application cache causes resources to be served locally from the browser, and as such there is no encryption happening, however customers don't necessarily know that there is an application cache happening in the background, and they are expecting to see a valid SSL certificate and indications that the connection is secure. Safari and Firefox appear to be doing this incorrectly, unless I am missing something. That is my question. Does anyone know how to get Safari and Firefox to display the SSL certificate for pages served from the application cache? Is there something special that you need to do, or is it a Safari and Firefox bug?
I believe someone has discussed this with me before. Please let me know if this helps.
Change all of your script and css references from
http:// or https:// to //.
If you haven't any then it is moot, but if you do, please let me know if that has an effect.
I believe this may be related to not being able to verify the references from a cached page.
Based on the history of vulnerabilities, I'd guess this may have been overlooked for the sake of fixing more critical issues. That said, I think this should be reported to both vendors now that some of the glaring vulnerabilities have been patched. Have you tested this with the latest releases of Firefox and Safari?
Did you serve the application manifest over SSL?

Chrome still showing red https logo even after adding the certificate to trusted root authorities store (Internal-use self-signed SSL Cert)

Trying to set up an encrypted connection for an intranet site. It's for a small company and not dealing with any sensitive information, but still would like to avoid login and password information sending in the clear. Would also like to avoid having to buy a certificate if possible.
I tried creating a certificate with OpenSSL and got everything set up and the site works over an HTTPS connection, but the web browsers are all showing warning messages. So, I googled around and found that I could add the certificate to Windows' Trusted Root Certification Authorities. I tried this, but am still getting the warning messages and "red x" https logo. Also tried importing the certificate into Chrome through the options screen but no luck.
How can I get my internal machines to trust my self-signed SSL certificate and not show a warning message?
I think Mr. Leahy's suggestion to use a name with DNS-like qualification would work. Here's Chromium patch information related to the error:
http://groups.google.com/a/chromium.org/group/chromium-checkins/msg/9fe59a981479aa44?pli=1 (r62178)
If the host name denotes an "intranet host", which in the code means one with either no dot in the name or a dot at the end, then it is considered non-unique, and you get the warning. After quickly looking through other patches involving the warning, I didn't find a way to tell Chrome to relax about the warning.
Im not sure this will apply to your question but I had a similar experience a few days back where chrome would show an insecure site (red cross through the EV ssl)
In my case it was because some links from google apis were over http not https
thus MAKE SURE ALL YOUR EXTERNAL RESOURCES ARE CALLED OVER HTTPS not http!
I stumbled across the same issue today and found a stunningly simple solution:
It turns out that a bad certificate override is displayed during the entire chrome session even if the certificate has been validated or renewed in the meantime.
Restarting chrome fixes that.
If the certificate warning is still present after the restart, then You will have to look at the other answers.