IPB

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> Google Chrome SSL Connection Error 128 (net::err_ssl_unsafe_negotiation), a bug in Google Chrome 6.0.472.55y regarding the analysis of encrypted
eduardo.enzo
post 13.09.2010 06:06
Post #1


Newbie
*

Group: Members
Posts: 3
Joined: 13.09.2010




Hi I use the browser: Google Chrome 6.0.472.55 and I have the problem that is to become more common each time and stand to have relationship between security suites and the new google browser the error than Chrome shown is

"Error 128 (net:: ERR_SSL_UNSAFE_NEGOTIATION): The SSL renegotiation WAS extension missing from the secure handshake. For Some sites, Which Are Known to support the renegotiation extension, Chrome Requires a more secure handshake to Prevent a class of Known attacks. The omission Suggests That this extension of your connection and Manipulated WAS intercepted in transit. "

when I try to enter any HTTPS especially in Gmail

I am a home user and I have no active proxy

google searching and found this forum http://www.google.co.nz/support/forum/p/Ch...ddeaa&hl=en

as I read was to try disabling the security suite, I have the Kaspersky Internet Security 2011 version: 11.0.0.232 when I disabling KIS 2011, HTTPS pages work for me, but when activated KIS 2011 do not work.

and the interesting part is that when I disable the option on KIS 2011 to analyze the connections encrypted HTTPS pages work well and does not display the error Error 128 (net:: ERR_SSL_UNSAFE_NEGOTIATION), but when I enable the option to scan encrypted connections and stop working

I need use enable the option to scan encrypted connections because I use the Safe navigation mode for my Bank web

I hope help to resolve this bug report to Kaspersky that maybe they can make an update to solve this problem, as to report to google the same problem

Thanks for the help
Go to the top of the page
 
+Quote Post
Adam Langley
post 13.09.2010 19:32
Post #2


Newbie
*

Group: Members
Posts: 1
Joined: 13.09.2010




We (Chrome) have only very recently been made aware of this issue and are exploring options to deal with it.

In the short term, disabling Kaspersky certainly works. You can also add --allow-ssl-mitm-proxies to Chrome's command line.

If anyone from Kaspersky wishes to contact me about this please email me at agl AT chromium DOT org. Man-in-the-middle attacking Chrome's HTTPS connections will cause things to break repeatedly in the future. I'd be happy to discuss less destructive methods of achieving your goals with respect to secure connections.
Go to the top of the page
 
+Quote Post
dawgg
post 13.09.2010 20:31
Post #3


Forum Elite
**************

Group: Moderators
Posts: 9300
Joined: 6.04.2006
From: London




Thank you for the information Adam, your presence and advice here is gratefully appreciated. I have informed a Kaspersky developer of your kind offer.

Eduardo, another solution is to disable Kaspersky from scanning encrypted connections...
Settings - Advanced (the brown box) - Network... uncheck the box which says "Scan encrypted connections".
Attached File  Excluding_all_encrypted.PNG ( 70,61K ) Number of downloads: 48



Another solution is to disable scanning of encrypted connections to Chrome only by adding Chrome to Kaspersky's Trusted Applications list...
Settings - Advanced (the brown box) - Threats and Exclusions - (exclusions) Settings - Trusted Applications - Add - Applications and search Chrome.exe. Select it and click OK, tick "Do not scan Network Traffic" and click the blue "all" to make it change to "encrypted".
Click all the OKs.
Attached File  Excluding_Chrome_encrypted.PNG ( 77,3K ) Number of downloads: 54
Go to the top of the page
 
+Quote Post
eduardo.enzo
post 14.09.2010 03:49
Post #4


Newbie
*

Group: Members
Posts: 3
Joined: 13.09.2010




Thanks everybody for you help, contact Google and apparently already working on the problem, since it also occurs with other security suites
Go to the top of the page
 
+Quote Post
eduardo.enzo
post 14.09.2010 04:23
Post #5


Newbie
*

Group: Members
Posts: 3
Joined: 13.09.2010




I arises another question, if you advise me to disable the option to scan encrypted connections of KIS 2011. That advantage is to analyze the encrypted connections? and that as your answer is not very important to analyze these connection

Thanks for the help
Go to the top of the page
 
+Quote Post
dawgg
post 14.09.2010 16:38
Post #6


Forum Elite
**************

Group: Moderators
Posts: 9300
Joined: 6.04.2006
From: London




QUOTE(eduardo.enzo @ 14.09.2010 01:23) *
...your answer is not very important to analyze these connection

At the current state in time (as to how many times scanning of encrypted connections would have prevented an infection), I personally do not see a need to scan it, and do not use scanning of encrypted connections feature myself.

This may change depending on the threat landscape in the future, but at the moment, I personally am not worried about it.
Go to the top of the page
 
+Quote Post
azadms
post 21.07.2011 07:45
Post #7


Newbie
*

Group: Members
Posts: 1
Joined: 21.07.2011




QUOTE(Adam Langley @ 13.09.2010 18:32) *
We (Chrome) have only very recently been made aware of this issue and are exploring options to deal with it.

In the short term, disabling Kaspersky certainly works. You can also add --allow-ssl-mitm-proxies to Chrome's command line.

If anyone from Kaspersky wishes to contact me about this please email me at agl AT chromium DOT org. Man-in-the-middle attacking Chrome's HTTPS connections will cause things to break repeatedly in the future. I'd be happy to discuss less destructive methods of achieving your goals with respect to secure connections.


I have the same problem. what ever the url address i typed at the address bar going to save mode. Some time the error shows :
This webpage is not available
The webpage at http://yahoo.com/ might be temporarily down or it may have moved permanently to a new web address.
Error 324 (net::ERR_EMPTY_RESPONSE): Unknown error.

Any solution pl?

Attached File(s)
Attached File  googlechrome_110721.jpg ( 55,32K ) Number of downloads: 15
 
Go to the top of the page
 
+Quote Post
wiskas
post 21.07.2011 16:51
Post #8


Advanced Member II
****

Group: Members
Posts: 283
Joined: 8.04.2010
From: Sunny Melbourne, Australia




QUOTE(Adam Langley @ 14.09.2010 01:32) *
We (Chrome) have only very recently been made aware of this issue and are exploring options to deal with it.

Yes, Adam, I posted a report suggesting that Chrome should investigate a similar error for stream 14.x.y.z

QUOTE
In the short term, disabling Kaspersky certainly works. You can also add --allow-ssl-mitm-proxies to Chrome's command line.

Which begs the question: Is chrome accepting responsibility for stolen financials now?

QUOTE
If anyone from Kaspersky wishes to contact me about this please email me at agl AT chromium DOT org. Man-in-the-middle attacking Chrome's HTTPS connections will cause things to break repeatedly in the future. I'd be happy to discuss less destructive methods of achieving your goals with respect to secure connections.

Perhaps a configurable whitelist of valid proxies might do the trick?

This post has been edited by wiskas: 21.07.2011 16:52


--------------------
Have you:
__________Read the IMPORTANT topics at the top of this forum?
__________Posted a GSI link so we can help you? <- Click on this to see how.
Go to the top of the page
 
+Quote Post
Whizard
post 21.07.2011 20:00
Post #9


Professional
***************

Group: Moderators
Posts: 20703
Joined: 19.11.2005
From: Toronto/Canada




Update to Chrome 12.xx branch. There is no point in running such an outdated browser.


--------------------
Networking and Security Guru
~^Whizard^~
Go to the top of the page
 
+Quote Post
Karen G
post 11.03.2014 16:45
Post #10


Newbie
*

Group: Members
Posts: 2
Joined: 11.03.2014
From: Hertfordshire England




Hi, I am new to the forum, so I hope I am doing this right.
I couldn't get any of the Google services; Google search, Google maps, Google calender, Google plus, Google Driver or even Google support, on my Chrome browser, but I could get it on my IE browser. I too got the error message: 'SSL connection error' when I tried to access any of these services (apart for Google Drive where the message read was something like app currently unavailable). My version of Chrome is: Version 35.0.1862.2 m, my operating system is Windows 7 and I have Kapersky 2013 installed. I tried many things, such as: uninstalling then re-installing Chrome, clearing history, running a malware scan, installing Windows updates, checking the time and date is correct at the bottom right of the screen and nothing seemed to help. Often I would regain Google services for just a few minuets and then they will be gone again.
Then, my husband found your message, dawgg, and I followed the instructions of your second solution. I would like to say a thank you to you dawgg, as it seems to have worked. All of my Google services are operational. I am no computer whizz and I am not actually sure what it is that I have done when I followed your instructions. You call it 'disable scanning of encrypted connections to Chrome' Does that effectively mean that I have just bypassed any security when I use Chrome from now on? Or does that fact that it is encrypted connections mean that it should be safe?
Regards
Karen G

edit: del large ancient quote.


This post has been edited by richbuff: 12.03.2014 03:42
Go to the top of the page
 
+Quote Post
Rodion Nagornov
post 11.03.2014 18:32
Post #11


Social Media Support Manager
*************

Group: Admin
Posts: 3621
Joined: 23.11.2011
From: Moscow, Russia




QUOTE(Karen G @ 11.03.2014 16:45) *
Hi, I am new to the forum, so I hope I am doing this right.
I couldn't get any of the Google services; Google search, Google maps, Google calender, Google plus, Google Driver or even Google support, on my Chrome browser, but I could get it on my IE browser. I too got the error message: 'SSL connection error' when I tried to access any of these services (apart for Google Drive where the message read was something like app currently unavailable). My version of Chrome is: Version 35.0.1862.2 m, my operating system is Windows 7 and I have Kapersky 2013 installed. I tried many things, such as: uninstalling then re-installing Chrome, clearing history, running a malware scan, installing Windows updates, checking the time and date is correct at the bottom right of the screen and nothing seemed to help. Often I would regain Google services for just a few minuets and then they will be gone again.
Then, my husband found your message, dawgg, and I followed the instructions of your second solution. I would like to say a thank you to you dawgg, as it seems to have worked. All of my Google services are operational. I am no computer whizz and I am not actually sure what it is that I have done when I followed your instructions. You call it 'disable scanning of encrypted connections to Chrome' Does that effectively mean that I have just bypassed any security when I use Chrome from now on? Or does that fact that it is encrypted connections mean that it should be safe?
Regards
Karen G

Upgrade to 2014 version
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic

 



Lo-Fi Version Time is now: 23.09.2014 02:17