On 2/7/23 12:25, giovanni@paclan.it wrote:
> On 1/23/23 17:12, Bambero wrote:
>>
>> Hi,
>>
>> This is strange problem probably LibreSSL related.
>>
>> After upgrade OpenBSD to 7.2 windows clients using google chrome browser have problems to connect to apache server.
>> Some requests are served correct, but periodically browser shows NET::CERT_COMMON_NAME_INVALID and in server logs we can see:
>>
>> AH02645: Server name not provided via TLS extension (using default/first virtual host), default
>>
>> There was no problem under 7.1.
>>
>> The problem occurs only when using google chrome browser (not chromium) under windows.
>>
>> I compiled under 7.2 version of apache from 7.1 and from current - didn't help.
>> OpenBSD builtin server works correct.
>>
>> Problem also submitted here:
>> https://bugs.chromium.org/p/chromium/issues/detail?id=1409224
>>
> Google analysis pointed to the fact that they recently enabled "Permute TLS extensions" by default in Chrome, is this something we need to implement in LibreSSL ?
> Regards
> Giovanni
>
With latest Chrome version (111.0.5563) I cannot trigger this issue anymore, I think they have changed their TLS code.
Giovanni
No comments:
Post a Comment