LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   HTTPS not working correctly in Chrome and Chromium... (https://www.linuxquestions.org/questions/linux-software-2/https-not-working-correctly-in-chrome-and-chromium-4175600599/)

ardvark71 02-25-2017 09:17 PM

HTTPS not working correctly in Chrome and Chromium...
 
Hi all...

I just recently discovered that I'm not able to get Google, YouTube and LQ to come up using https at all, even using the extension "HTTPS Everywhere" (in Chrome,) while Hotmail and other sites work fine. There are no issues at all with my copy of Firefox. Also, https works perfectly using Chrome on my other system running Windows Vista.

I found nothing amiss looking through my certificates under the "HTTPS/SSL" settings in either browser, however, I don't have any experience dealing with this particular issue, so I may have missed something. Searching through Google didn't turn up anything that was similar to my problem, although my search terms may have been the cause of that. If there is any additional information you need, please let me know. I'm running Lubuntu 14.04 and my versions of Chrome and Chromium are...

Chrome--> "Version 46.0.2490.86"

Chromium--> "Version 53.0.2785.143 Built on Ubuntu, running on Ubuntu 14.04"

Chromium is already the latest version available in Ubuntu's repositories, just confirmed that and Chrome was discontinued for 32 bit Linux after version 49, so upgrading isn't really an option (or will be considered) nor do I consider it the issue.

Any help would be greatly appreciated. :)

Regards...

TB0ne 02-26-2017 08:56 AM

Quote:

Originally Posted by ardvark71 (Post 5676086)
Hi all...
I just recently discovered that I'm not able to get Google, YouTube and LQ to come up using https at all, even using the extension "HTTPS Everywhere" (in Chrome,) while Hotmail and other sites work fine. There are no issues at all with my copy of Firefox. Also, https works perfectly using Chrome on my other system running Windows Vista.

I found nothing amiss looking through my certificates under the "HTTPS/SSL" settings in either browser, however, I don't have any experience dealing with this particular issue, so I may have missed something. Searching through Google didn't turn up anything that was similar to my problem, although my search terms may have been the cause of that. If there is any additional information you need, please let me know. I'm running Lubuntu 14.04 and my versions of Chrome and Chromium are...

Chrome--> "Version 46.0.2490.86"
Chromium--> "Version 53.0.2785.143 Built on Ubuntu, running on Ubuntu 14.04"

Chromium is already the latest version available in Ubuntu's repositories, just confirmed that and Chrome was discontinued for 32 bit Linux after version 49, so upgrading isn't really an option (or will be considered) nor do I consider it the issue.

You're using a VERY old version of Ubuntu (or is it Lubuntu? You mention both), and the latest version of Chromium is 54.x for Ubuntu. Neither of which is doing you any favors from a security/reliability standpoint. Using HTTPS on such old software is much like putting a deadbolt lock on a screen door. Also, "not able to get to" isn't much of a problem description...do you get a white page? Totally blank? ANY messages?? Without some sort of debugging information, there's not a lot we can guess at. You don't mention a firewall/proxy (using one?) and you haven't told us if this has EVER worked for you, or if this is a new issue. Did you try to start the browser from command-line, to see if you get any information there? Try starting "Developer Tools" from the options?

That said, there are steps to be taken that may work:
  • Clear cache, and of EVERYTHING. Cookies, history, the works, all the way to beginning of time, and restart.
  • Find the "Security Options" in preferences; Tick off "Use SSL 2.0", 3.0, and TLS 1.0, and restart.
  • Find the "Security Options" in preferences; UNcheck the "Use TLS 1.0" option and restart.
  • (If present), enable "Use TLS 1.1 & 1.2", and restart. Monkeying around with those settings may hit on a combination that works.
  • Try forcing the port. Instead of https://www.google.com, try https://www.google.com:443. If that works, it *MAY* 'just work' after that.
You're starting to have problems, because of your old OS/browser. Even if you get around this, you're only going to have lots more to come.

ardvark71 02-26-2017 05:05 PM

4 Attachment(s)
Quote:

Originally Posted by TB0ne (Post 5676251)
You're using a VERY old version of Ubuntu (or is it Lubuntu? You mention both), and the latest version of Chromium is 54.x for Ubuntu. Neither of which is doing you any favors from a security/reliability standpoint. Using HTTPS on such old software is much like putting a deadbolt lock on a screen door.?

Hi TB0ne...

Thank you for your help. :)

I'm using strictly Lubuntu 14.04, I only mentioned Ubuntu in reference to the repositories, which Lubuntu uses. It's still supported up until at some point later this year but, yes, I'm on "borrowed time," so to speak, with this particular version.

EDIT: I think I know why you may have thought I was running Ubuntu. For some reason, Chromium reported the version number and that it was built on and running in Ubuntu. That's not accurate, although Ubuntu is, what you could say, the "base" of Lubuntu, since Lubuntu is a derivative of Ubuntu.

Quote:

Originally Posted by TB0ne (Post 5676251)
Also, "not able to get to" isn't much of a problem description...do you get a white page? Totally blank? ANY messages?? Without some sort of debugging information, there's not a lot we can guess at. You don't mention a firewall/proxy (using one?) and you haven't told us if this has EVER worked for you, or if this is a new issue. Did you try to start the browser from command-line, to see if you get any information there? Try starting "Developer Tools" from the options?

I do get the page I'm looking for, just that "https" in front of the address has a red line through it. I am using a firewall (in Lubuntu and the one that is included in my DSL modem) but no proxies. If you would like, I can post back with the iptables rules that I have set. However, I think if the firewall was the issue, I would be having problems with Firefox as well. I don't remember https ever working normally, I just began to notice this over the last few days since I have no problems with this on my Windows system. Bringing up Chrome in a terminal reported nothing that would indicate that there's a problem.

However, after digging around a bit more, I found what may be issue and it appears like it has something to do with the certificates and not TLS. If so, I retract what I said in my previous post. I've included some screenshots below to show what I'm seeing. Lord willing, I can examine the Google certificate on my Windows system after a while to see if it's identical, similar or different, if that helps.

Quote:

Originally Posted by TB0ne (Post 5676251)
That said, there are steps to be taken that may work:
  • Clear cache, and of EVERYTHING. Cookies, history, the works, all the way to beginning of time, and restart.
  • Find the "Security Options" in preferences; Tick off "Use SSL 2.0", 3.0, and TLS 1.0, and restart.
  • Find the "Security Options" in preferences; UNcheck the "Use TLS 1.0" option and restart.
  • (If present), enable "Use TLS 1.1 & 1.2", and restart. Monkeying around with those settings may hit on a combination that works.
  • Try forcing the port. Instead of https://www.google.com, try https://www.google.com:443. If that works, it *MAY* 'just work' after that.

Unfortunately, I'm not able access the security options. I receive this message when I try...

Quote:

When running Google Chrome under a supported desktop environment, the system proxy settings will be used. However, either your system is not supported or there was a problem launching your system configuration.

But you can still configure via the command line. Please see man x-www-browser for more information on flags and environment variables.
Using the "x-www-browser" command only brings up another browser window. I'll try deleting the cookies and everything in Chromium (as a test) here shortly.

Regards...

ardvark71 02-26-2017 05:23 PM

Quote:

Originally Posted by TB0ne (Post 5676251)
That said, there are steps to be taken that may work:
  • Clear cache, and of EVERYTHING. Cookies, history, the works, all the way to beginning of time, and restart.
  • Try forcing the port. Instead of https://www.google.com, try https://www.google.com:443. If that works, it *MAY* 'just work' after that.

I deleted everything in Chromium you mentioned but unfortunately, there were no changes. Attempting to force https does not work, either. :(

Regards...

astrogeek 02-26-2017 05:33 PM

I know next to nothing about the 'Buntus, and of course the patch state of your machine, but looking only at the age and the fact that it only affects Chrome, I wonder if it is somehow related to: Google Chrome to Drop its Support For SSL Version 3.0.

ardvark71 02-26-2017 09:15 PM

Quote:

Originally Posted by astrogeek (Post 5676426)
I know next to nothing about the 'Buntus, and of course the patch state of your machine, but looking only at the age and the fact that it only affects Chrome, I wonder if it is somehow related to: Google Chrome to Drop its Support For SSL Version 3.0.

Hi....

Thank you for your reply. :)

I guess it may be a possibility, although from the screenshots I posted, it appears to be a certificate issue. :scratch:

Regards...

TB0ne 02-27-2017 07:15 AM

Quote:

Originally Posted by ardvark71 (Post 5676418)
Hi TB0ne...
I'm using strictly Lubuntu 14.04, I only mentioned Ubuntu in reference to the repositories, which Lubuntu uses. It's still supported up until at some point later this year but, yes, I'm on "borrowed time," so to speak, with this particular version.

EDIT: I think I know why you may have thought I was running Ubuntu. For some reason, Chromium reported the version number and that it was built on and running in Ubuntu. That's not accurate, although Ubuntu is, what you could say, the "base" of Lubuntu, since Lubuntu is a derivative of Ubuntu.

I do get the page I'm looking for, just that "https" in front of the address has a red line through it.

...which is NOT what you reported, is it?? Didn't you say in your first post "I'm not able to get Google, YouTube and LQ to come up using https at all". Now you're saying that they *DO* come up??? Which is it?

Quote:

I am using a firewall (in Lubuntu and the one that is included in my DSL modem) but no proxies. If you would like, I can post back with the iptables rules that I have set. However, I think if the firewall was the issue, I would be having problems with Firefox as well. I don't remember https ever working normally, I just began to notice this over the last few days since I have no problems with this on my Windows system. Bringing up Chrome in a terminal reported nothing that would indicate that there's a problem.

However, after digging around a bit more, I found what may be issue and it appears like it has something to do with the certificates and not TLS. If so, I retract what I said in my previous post. I've included some screenshots below to show what I'm seeing. Lord willing, I can examine the Google certificate on my Windows system after a while to see if it's identical, similar or different, if that helps.
Reset the router and firewall as a first step.
Quote:

Unfortunately, I'm not able access the security options. I receive this message when I try...
Using the "x-www-browser" command only brings up another browser window. I'll try deleting the cookies and everything in Chromium (as a test) here shortly.
So did you try configuring from the command-line? Remove any 'parental locks' and other junk that would prevent you from accessing the browser settings, then clear the cookies. Astrogeek makes a good point about Chrome dropping support for such old software, but clearing the certificates/caches will probably let things work.
Quote:

Originally Posted by ardvark71
I guess it may be a possibility, although from the screenshots I posted, it appears to be a certificate issue. 

No need to scratch your head or guess...it *IS* a security/certificate issue. And until you clear the cache and/or update things, you're stuck with it.

ardvark71 02-27-2017 08:44 AM

Quote:

Originally Posted by TB0ne (Post 5676591)
...which is NOT what you reported, is it?? Didn't you say in your first post "I'm not able to get Google, YouTube and LQ to come up using https at all". Now you're saying that they *DO* come up??? Which is it?

Hi...

I don't understand what you mean or how you got this idea. It's still exactly what I reported in my first post.

Quote:

Originally Posted by TB0ne (Post 5676591)
Astrogeek makes a good point about Chrome dropping support for such old software, but clearing the certificates/caches will probably let things work.

Is this how I would do that and if I get rid of all of them, what will be the effect of that? Do they just get replenished/reinstalled by the various web sites? Is there another way of clearing out the certificates than what I lined to above?

Quote:

Originally Posted by TB0ne (Post 5676591)
No need to scratch your head or guess...it *IS* a security/certificate issue. And until you clear the cache and/or update things, you're stuck with it.

Thanks! :)

Regards...

TB0ne 02-27-2017 09:53 AM

Quote:

Originally Posted by ardvark71 (Post 5676623)
Hi...
I don't understand what you mean or how you got this idea. It's still exactly what I reported in my first post.

Really??? Your very first post:
"I just recently discovered that I'm not able to get Google, YouTube and LQ to come up using https at all,"
...followed up by:
"I do get the page I'm looking for, just that "https" in front of the address has a red line through it."
Do you honestly not see how those two things contradict each other??? The first says you're not able to get the pages to come up at all; the second says you ARE able to.
Quote:

Is this how I would do that and if I get rid of all of them, what will be the effect of that? Do they just get replenished/reinstalled by the various web sites? Is there another way of clearing out the certificates than what I lined to above?
Certificates are downloaded when you visit the site. Not going to explain certificates to you...there is ample documentation.

TheEzekielProject 02-27-2017 10:14 AM

Quote:

Originally Posted by TB0ne (Post 5676654)
Really??? Your very first post:
"I just recently discovered that I'm not able to get Google, YouTube and LQ to come up using https at all,"
...followed up by:
"I do get the page I'm looking for, just that "https" in front of the address has a red line through it."
Do you honestly not see how those two things contradict each other??? The first says you're not able to get the pages to come up at all; the second says you ARE able to.

Well, he does explicitly say "using https" along with "at all".

gradinaruvasile 02-27-2017 10:23 AM

https://security.googleblog.com/2016...in-chrome.html

ardvark71 02-27-2017 10:33 AM

Quote:

Originally Posted by TB0ne (Post 5676654)
Really??? Your very first post:
"I just recently discovered that I'm not able to get Google, YouTube and LQ to come up using https at all,"
...followed up by:
"I do get the page I'm looking for, just that "https" in front of the address has a red line through it."

Hi...

A wrong choice of words perhaps. I do get the sites I mentioned to come up but always with a red slash mark through "https," as shown in my screenshots. At that point, I'm guessing I'm seeing the non-secure "http" version.

Regards...

ardvark71 02-27-2017 10:37 AM

Quote:

Originally Posted by gradinaruvasile (Post 5676666)

Hi...

Thank you for this information. :)

Regards...

TB0ne 02-27-2017 10:38 AM

Quote:

Originally Posted by ardvark71 (Post 5676669)
Hi...
A wrong choice of words perhaps. I do get the sites I mentioned to come up but always with a red slash mark through "https," as shown in my screenshots. At that point, I'm guessing I'm seeing the non-secure "http" version.

Not "perhaps"...saying they don't come up at all is a far cry from "Yes, they come up but with a red slash across https".

You have certificate issues; again, clear your certificates/cache/etc., and it MAY help. Barring that, not much you can do with such very old software.

ardvark71 02-27-2017 10:43 AM

Quote:

Originally Posted by TB0ne (Post 5676673)
Not "perhaps"...saying they don't come up at all is a far cry from "Yes, they come up but with a red slash across https".

You have certificate issues; again, clear your certificates/cache/etc., and it MAY help. Barring that, not much you can do with such very old software.

Thank you for your help. Lord willing, I'll post back with any results. :)

Regards...


All times are GMT -5. The time now is 05:36 AM.