eduardo.enzo

Google Chrome SSL Connection Error 128 (net::err_ssl_unsafe_negotiation)

11 posts in this topic

Hi I use the browser: Google Chrome 6.0.472.55 and I have the problem that is to become more common each time and stand to have relationship between security suites and the new google browser the error than Chrome shown is

 

"Error 128 (net:: ERR_SSL_UNSAFE_NEGOTIATION): The SSL renegotiation WAS extension missing from the secure handshake. For Some sites, Which Are Known to support the renegotiation extension, Chrome Requires a more secure handshake to Prevent a class of Known attacks. The omission Suggests That this extension of your connection and Manipulated WAS intercepted in transit. "

 

when I try to enter any HTTPS especially in Gmail

 

I am a home user and I have no active proxy

 

google searching and found this forum http://www.google.co.nz/support/forum/p/Ch...ddeaa&hl=en

 

as I read was to try disabling the security suite, I have the Kaspersky Internet Security 2011 version: 11.0.0.232 when I disabling KIS 2011, HTTPS pages work for me, but when activated KIS 2011 do not work.

 

and the interesting part is that when I disable the option on KIS 2011 to analyze the connections encrypted HTTPS pages work well and does not display the error Error 128 (net:: ERR_SSL_UNSAFE_NEGOTIATION), but when I enable the option to scan encrypted connections and stop working

 

I need use enable the option to scan encrypted connections because I use the Safe navigation mode for my Bank web

 

I hope help to resolve this bug report to Kaspersky that maybe they can make an update to solve this problem, as to report to google the same problem

 

Thanks for the help

Share this post


Link to post
Share on other sites

We (Chrome) have only very recently been made aware of this issue and are exploring options to deal with it.

 

In the short term, disabling Kaspersky certainly works. You can also add --allow-ssl-mitm-proxies to Chrome's command line.

 

If anyone from Kaspersky wishes to contact me about this please email me at agl AT chromium DOT org. Man-in-the-middle attacking Chrome's HTTPS connections will cause things to break repeatedly in the future. I'd be happy to discuss less destructive methods of achieving your goals with respect to secure connections.

Share this post


Link to post
Share on other sites

Thank you for the information Adam, your presence and advice here is gratefully appreciated. I have informed a Kaspersky developer of your kind offer.

 

Eduardo, another solution is to disable Kaspersky from scanning encrypted connections...

Settings - Advanced (the brown box) - Network... uncheck the box which says "Scan encrypted connections".

post-10444-1284395306_thumb.png

 

 

Another solution is to disable scanning of encrypted connections to Chrome only by adding Chrome to Kaspersky's Trusted Applications list...

Settings - Advanced (the brown box) - Threats and Exclusions - (exclusions) Settings - Trusted Applications - Add - Applications and search Chrome.exe. Select it and click OK, tick "Do not scan Network Traffic" and click the blue "all" to make it change to "encrypted".

Click all the OKs.

post-10444-1284395316_thumb.png

Share this post


Link to post
Share on other sites

Thanks everybody for you help, contact Google and apparently already working on the problem, since it also occurs with other security suites

Share this post


Link to post
Share on other sites

I arises another question, if you advise me to disable the option to scan encrypted connections of KIS 2011. That advantage is to analyze the encrypted connections? and that as your answer is not very important to analyze these connection

 

Thanks for the help

Share this post


Link to post
Share on other sites
...your answer is not very important to analyze these connection

At the current state in time (as to how many times scanning of encrypted connections would have prevented an infection), I personally do not see a need to scan it, and do not use scanning of encrypted connections feature myself.

 

This may change depending on the threat landscape in the future, but at the moment, I personally am not worried about it.

Share this post


Link to post
Share on other sites
We (Chrome) have only very recently been made aware of this issue and are exploring options to deal with it.

 

In the short term, disabling Kaspersky certainly works. You can also add --allow-ssl-mitm-proxies to Chrome's command line.

 

If anyone from Kaspersky wishes to contact me about this please email me at agl AT chromium DOT org. Man-in-the-middle attacking Chrome's HTTPS connections will cause things to break repeatedly in the future. I'd be happy to discuss less destructive methods of achieving your goals with respect to secure connections.

 

I have the same problem. what ever the url address i typed at the address bar going to save mode. Some time the error shows :

This webpage is not available

The webpage at http://yahoo.com/ might be temporarily down or it may have moved permanently to a new web address.

Error 324 (net::ERR_EMPTY_RESPONSE): Unknown error.

 

Any solution pl?

post-368293-1311219901_thumb.jpg

Share this post


Link to post
Share on other sites
We (Chrome) have only very recently been made aware of this issue and are exploring options to deal with it.

Yes, Adam, I posted a report suggesting that Chrome should investigate a similar error for stream 14.x.y.z

 

In the short term, disabling Kaspersky certainly works. You can also add --allow-ssl-mitm-proxies to Chrome's command line.

Which begs the question: Is chrome accepting responsibility for stolen financials now?

 

If anyone from Kaspersky wishes to contact me about this please email me at agl AT chromium DOT org. Man-in-the-middle attacking Chrome's HTTPS connections will cause things to break repeatedly in the future. I'd be happy to discuss less destructive methods of achieving your goals with respect to secure connections.

Perhaps a configurable whitelist of valid proxies might do the trick?

Edited by wiskas

Share this post


Link to post
Share on other sites

Update to Chrome 12.xx branch. There is no point in running such an outdated browser.

Share this post


Link to post
Share on other sites

Hi, I am new to the forum, so I hope I am doing this right.

I couldn't get any of the Google services; Google search, Google maps, Google calender, Google plus, Google Driver or even Google support, on my Chrome browser, but I could get it on my IE browser. I too got the error message: 'SSL connection error' when I tried to access any of these services (apart for Google Drive where the message read was something like app currently unavailable). My version of Chrome is: Version 35.0.1862.2 m, my operating system is Windows 7 and I have Kapersky 2013 installed. I tried many things, such as: uninstalling then re-installing Chrome, clearing history, running a malware scan, installing Windows updates, checking the time and date is correct at the bottom right of the screen and nothing seemed to help. Often I would regain Google services for just a few minuets and then they will be gone again.

Then, my husband found your message, dawgg, and I followed the instructions of your second solution. I would like to say a thank you to you dawgg, as it seems to have worked. All of my Google services are operational. I am no computer whizz and I am not actually sure what it is that I have done when I followed your instructions. You call it 'disable scanning of encrypted connections to Chrome' Does that effectively mean that I have just bypassed any security when I use Chrome from now on? Or does that fact that it is encrypted connections mean that it should be safe?

Regards

Karen G

edit: del large ancient quote.

Edited by richbuff

Share this post


Link to post
Share on other sites
Hi, I am new to the forum, so I hope I am doing this right.

I couldn't get any of the Google services; Google search, Google maps, Google calender, Google plus, Google Driver or even Google support, on my Chrome browser, but I could get it on my IE browser. I too got the error message: 'SSL connection error' when I tried to access any of these services (apart for Google Drive where the message read was something like app currently unavailable). My version of Chrome is: Version 35.0.1862.2 m, my operating system is Windows 7 and I have Kapersky 2013 installed. I tried many things, such as: uninstalling then re-installing Chrome, clearing history, running a malware scan, installing Windows updates, checking the time and date is correct at the bottom right of the screen and nothing seemed to help. Often I would regain Google services for just a few minuets and then they will be gone again.

Then, my husband found your message, dawgg, and I followed the instructions of your second solution. I would like to say a thank you to you dawgg, as it seems to have worked. All of my Google services are operational. I am no computer whizz and I am not actually sure what it is that I have done when I followed your instructions. You call it 'disable scanning of encrypted connections to Chrome' Does that effectively mean that I have just bypassed any security when I use Chrome from now on? Or does that fact that it is encrypted connections mean that it should be safe?

Regards

Karen G

Upgrade to 2014 version

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now