Err ssl protocol error linux

Vesta Control Panel — Forum

Не работает SSL (ERR_SSL_PROTOCOL_ERROR) Topic is solved

Не работает SSL (ERR_SSL_PROTOCOL_ERROR)

Post by 1RONMAN » Sat Mar 16, 2019 6:58 am

Приветствую, уважаемые форумчане! Проблема возникла довольно внезапно, всё что пришло в голову сам уже перепробовал, но знаний в этой области катастрофически не хватает, посему обращаюсь за помощью к вам.

На VPS установлена панель VestaCP, есть несколько сайтов, пара тестовых и один основной рабочий. Пару дней назад забыл продлить его домен, в итоге поимел себе следующую проблему: непродлённый домен отрубился, сайт перестал работать, после продления появилась ошибка SSL (ERR_SSL_PROTOCOL_ERROR), перевыпустил сертификат средствами панели — не помогло.

Если проверять здесь: https://www.ssllabs.com/ssltest/analyze.html
Получаю ответ «Assessment failed: No secure protocols supported»
Насколько я понимаю это говорит о том что сервер даже не пытается отдавать шифрованные данные клиенту..

При этом в панели SSL для конкретного домена включен. Работает всё на связке NGINX+PHP-FPM, используемая ОС Ubuntu 16.04.6 LTS, сайты работают на CMS WordPress. В настройках WordPress home и siteurl указаны через https://

Ранее была проблема с ошибками конфигурации NGINX:

nginx: [warn] the «ssl» directive is deprecated, use the «listen . ssl» directive instead in /home/user/conf/web/domain1.ru.nginx.ssl.conf:10
nginx: [warn] the «ssl» directive is deprecated, use the «listen . ssl» directive instead in /home/user/conf/web/domain2.ru.nginx.ssl.conf:10
nginx: [warn] the «ssl» directive is deprecated, use the «listen . ssl» directive instead in /home/user/conf/web/domain3.ru.nginx.ssl.conf:10
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Поправил соответствующие файлы, указал директиву «listen 443 ssl;» директиву «ssl on;» откомментировал подставив перед ней #

Теперь в выводе nginx -t ошибок нет:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Кстати ssl в данный момент не работает для всех доменов, хотя раньше работал и на тестовых. Сертификаты везде от Let’s Encrypt.

В error.log по домену на запрос любой страницы ошибка:
2019/03/16 13:54:16 [crit] 8372#8372: *714 open() «/home/user/web/domain.ru/public_html/» failed (13: Permission denied), client: 185.234.218.33, server: domain.ru, request: «GET /?author=4 HTTP/1.1», host: «domain.ru»

Шаблон в панели установлен wordpress2. куда копать совсем не понимаю, дайте пожалуйста какое-нибудь направление! 🙁

Re: Не работает SSL (ERR_SSL_PROTOCOL_ERROR)

Post by 1RONMAN » Sat Mar 16, 2019 10:17 am

Судя по всему проблема была связана с тем что у меня было 2 домена на 1 IP и на обоих был включен SSL. Не знаю как это связано но отключение SSL на первом домене мгновенно решило проблему со вторым — SSL заработал, сайт стал доступен. Вот так.

Хотелось бы услышать комментарии профи по этому поводу.)

Re: Не работает SSL (ERR_SSL_PROTOCOL_ERROR)

Post by DESSAR_SEGA » Sun May 26, 2019 10:02 pm

Судя по всему проблема была связана с тем что у меня было 2 домена на 1 IP и на обоих был включен SSL. Не знаю как это связано но отключение SSL на первом домене мгновенно решило проблему со вторым — SSL заработал, сайт стал доступен. Вот так.

Хотелось бы услышать комментарии профи по этому поводу.)

Re: Не работает SSL (ERR_SSL_PROTOCOL_ERROR)

Post by mr.flash » Thu May 30, 2019 2:51 am

Re: Не работает SSL (ERR_SSL_PROTOCOL_ERROR)

Post by mr.flash » Thu May 30, 2019 3:02 am

Re: Не работает SSL (ERR_SSL_PROTOCOL_ERROR)

Post by 1RONMAN » Wed Oct 23, 2019 9:07 am

Немного займусь некропостингом: после этой проблемы добавил для каждого домена свой IP, после этого всё стало работать нормально.

Однако тут стоит упомянуть что на тот момент у меня в принципе был достаточно криво настроен сервер, так что я бы не стал винить в этом Vesta. Возможно причина вообще в другом, а в чём я не знаю т.к. было принято решение тупо переустановить сервер уже с новым дистрибутивом (но это совсем другая история).

Re: Не работает SSL (ERR_SSL_PROTOCOL_ERROR)

Post by skurudo » Wed Oct 23, 2019 9:41 am

Re: Не работает SSL (ERR_SSL_PROTOCOL_ERROR)

Post by 1RONMAN » Wed Oct 23, 2019 9:55 am

Источник

Thread: MEGA thread: ERR_SSL_PROTOCOL_ERROR for all Google products

Thread Tools

Display

MEGA thread: ERR_SSL_PROTOCOL_ERROR for all Google products

any time I try to access Google anything from Chromium: gmail, maps, blog dash, even Google forum where I wanted to look for an answer to the problem. I don’t have this problem with Firefox or Chrome (for which I got an update this morning via update manager). I compared settings > advanced > HTTPS/SSL > manage certificates in both Chrome and Chromium and they appear to be identical. Now what?

Cannot use Google: ERR_SSL_PROTOCOL_ERROR

Today I can’t access Google using Chromium. This isn’t the end of the world, as I also have Firefox installed and that plays with Google just fine. But it is annoying, as Chromium is the browser I use default; and as Google won’t let me in, I can’t get to Gmail.

This is what Google says:

SSL connection error

Unable to make a secure connection to the server. This may be a problem with the server or it may be requiring a client authentication certificate that you don’t have.
Error code: ERR_SSL_PROTOCOL_ERROR

The time and date on my computer are correct. I can’t think of anything I’ve done that would have messed with Chromium. I tried disabling Chrome QUIC Protocol (something I found on Google) and that didn’t make any difference?

Any ideas? Help me, Ubuntuforums, you’re my only hope!

Spider Jerusalem, Transmetropolitan #4

Re: Cannot use Google: ERR_SSL_PROTOCOL_ERROR

You could try a new chromium profile by renaming the

/.config/chromium folder for a start to see if that solves the problem, and then take it from there.

All your bookmarks etc etc will be safe in the renamed configuration so you can restore them easily if you don’t sync them over all your devices and browsers.

Re: Cannot use Google: ERR_SSL_PROTOCOL_ERROR

Thanks for the suggestion, but no, that didn’t work for me either.

I believe this is a bigger magnitude issue. has there been an update lately?

Re: Cannot use Google: ERR_SSL_PROTOCOL_ERROR

There has been an update lately. or, at least for 12.04. a few days ago. At the end of taking the update I clicked «Check» and quite a number of other updates got in queue and I took them. That was morning mountain time. That evening all Google related. YouTube, G-Mail, etc. showed SSL connection error.

This, to be exact.

SSL connection error

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don’t have.
Error code: ERR_SSL_PROTOCOL_ERROR

Last edited by Mike Krall; February 20th, 2016 at 06:54 AM .

Re: Cannot use Google: ERR_SSL_PROTOCOL_ERROR

I have a theory on what happened: I opened Chromium Browser to review new posts from subscriptions at Google+® and YouTube℠ (both Alphabet Corporation properties) and, upon attempting to open:

ran into the ERR_SSL_PROTOCOL_ERROR. All available information as of 19 February 2016 points to a regression in Chromium triggered by the security updates to:

libnss3:amd64 (3.19.2.1-0ubuntu0.12.04.2, 3.21-0ubuntu0.12.04.1)
libnss3:i386 (3.19.2.1-0ubuntu0.12.04.2, 3.21-0ubuntu0.12.04.1)
libnss3-1d:amd64 (3.19.2.1-0ubuntu0.12.04.2, 3.21-0ubuntu0.12.04.1)

Mozilla® Firefox® 44.0.3-build2 behaves normally on the same URI, and Bug #1547762 for chromium-browser is already open at Launchpad™. Recommend opening new bugs for libnss-3 and libnss3-1d.

Last edited by bcschmerker; February 20th, 2016 at 08:18 AM . Reason: Add detail on bug reference.

Источник

Thread: MEGA thread: ERR_SSL_PROTOCOL_ERROR for all Google products

Thread Tools

Display

MEGA thread: ERR_SSL_PROTOCOL_ERROR for all Google products

any time I try to access Google anything from Chromium: gmail, maps, blog dash, even Google forum where I wanted to look for an answer to the problem. I don’t have this problem with Firefox or Chrome (for which I got an update this morning via update manager). I compared settings > advanced > HTTPS/SSL > manage certificates in both Chrome and Chromium and they appear to be identical. Now what?

Cannot use Google: ERR_SSL_PROTOCOL_ERROR

Today I can’t access Google using Chromium. This isn’t the end of the world, as I also have Firefox installed and that plays with Google just fine. But it is annoying, as Chromium is the browser I use default; and as Google won’t let me in, I can’t get to Gmail.

This is what Google says:

SSL connection error

Unable to make a secure connection to the server. This may be a problem with the server or it may be requiring a client authentication certificate that you don’t have.
Error code: ERR_SSL_PROTOCOL_ERROR

The time and date on my computer are correct. I can’t think of anything I’ve done that would have messed with Chromium. I tried disabling Chrome QUIC Protocol (something I found on Google) and that didn’t make any difference?

Any ideas? Help me, Ubuntuforums, you’re my only hope!

Spider Jerusalem, Transmetropolitan #4

Re: Cannot use Google: ERR_SSL_PROTOCOL_ERROR

You could try a new chromium profile by renaming the

/.config/chromium folder for a start to see if that solves the problem, and then take it from there.

All your bookmarks etc etc will be safe in the renamed configuration so you can restore them easily if you don’t sync them over all your devices and browsers.

Re: Cannot use Google: ERR_SSL_PROTOCOL_ERROR

Thanks for the suggestion, but no, that didn’t work for me either.

I believe this is a bigger magnitude issue. has there been an update lately?

Re: Cannot use Google: ERR_SSL_PROTOCOL_ERROR

There has been an update lately. or, at least for 12.04. a few days ago. At the end of taking the update I clicked «Check» and quite a number of other updates got in queue and I took them. That was morning mountain time. That evening all Google related. YouTube, G-Mail, etc. showed SSL connection error.

This, to be exact.

SSL connection error

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don’t have.
Error code: ERR_SSL_PROTOCOL_ERROR

Last edited by Mike Krall; February 20th, 2016 at 06:54 AM .

Re: Cannot use Google: ERR_SSL_PROTOCOL_ERROR

I have a theory on what happened: I opened Chromium Browser to review new posts from subscriptions at Google+® and YouTube℠ (both Alphabet Corporation properties) and, upon attempting to open:

ran into the ERR_SSL_PROTOCOL_ERROR. All available information as of 19 February 2016 points to a regression in Chromium triggered by the security updates to:

libnss3:amd64 (3.19.2.1-0ubuntu0.12.04.2, 3.21-0ubuntu0.12.04.1)
libnss3:i386 (3.19.2.1-0ubuntu0.12.04.2, 3.21-0ubuntu0.12.04.1)
libnss3-1d:amd64 (3.19.2.1-0ubuntu0.12.04.2, 3.21-0ubuntu0.12.04.1)

Mozilla® Firefox® 44.0.3-build2 behaves normally on the same URI, and Bug #1547762 for chromium-browser is already open at Launchpad™. Recommend opening new bugs for libnss-3 and libnss3-1d.

Last edited by bcschmerker; February 20th, 2016 at 08:18 AM . Reason: Add detail on bug reference.

Источник

ERR_SSL_PROTOCOL_ERROR: how to fix the Chrome bug

Chrome is one of the best and most popular browsers worldwide for various reasons. The Google application does not only have the reputation of being especially fast, but also very secure. If you create an account, you can use automatic synchronization from any device to access all settings at the same time, set favorites, and even access open tabs. In addition, design templates, apps, and extensions can be used to tailor the look and functionality perfectly to your own needs – regardless of whether a Windows, Linux, or macOS operating system is used.

But even Google’s miracle weapon – like any other software – is not completely problem and error free. More frequently seen error messages include the error code ‘ERR_SSL_PROTOCOL_ERROR’, which informs the browser user that there was a failed secure connection to the contacted server. What exactly is this SSL connection error and how can the ERR_SSL_PROTOCOL_ERROR be fixed?

SSL certificates from IONOS

Protect your domain and gain visitors’ trust with an SSL-encrypted website!

What lies behind the SSL connection error?

The times when the web was simply used as an information platform are a thing of the past. Today, PC and mobile device browsers are being used more frequently to make money transfers, play games, buy products, store files in the cloud, or interact with other users. The fact that more and more personal and sensitive information is being transferred means that it’s becoming easier for criminals. Customer data, company internals, and other private data are especially favored by thieves nowadays, which is why SSL and TLS have become an absolute must.

The security protocol, which is based on the standard Web protocol HTTP, guarantees secure connections via certificate exchange. It also ensures that the data streams are transmitted in encrypted form. If an SSL-protected website is accessed with the Google browser and the secure connection does not work, the ‘ERR_SSL_PROTOCOL_ERROR’ message will appear. This is how Chrome informs the user that there is a problem preventing the necessary certificate exchange.

In order to protect your privacy, the video will not load until you click on it.

Possible causes for ERR_SSL_PROTOCOL_ERROR

If Chrome displays the error message when calling up an HTTPS address, the browser provides the following, very general explanation for why the connection setup has failed:

‘Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don’t have.’

Much of the information cannot be inferred from this description, as it simply states that the problem exists either on the server side or on the client side (browser side). The former is often due to the fact that the contacted site is SSL/TLS certified, but the certificate hasn’t been renewed in time and has expired. In addition, a wide variety of technical problems can also be responsible for the exchange of certificates not working.

If you suspect a server error is behind an ERR_SSL_PROTOCOL_ERROR message, it may make sense to come back to the website later. If the problem persists, you should contact the responsible webmaster.

If the ERR_SSL_PROTOCOL_ERROR has to do with the user’s browser, this can be due to many reasons. Contrary to what appears to be the case in the above description, it is quite possible that the client has the authentication certificate and the server simply cannot find it. The most common, well-known reasons include the following:

• the system date or time is not correct
• the website or IP address is blocked by a firewall or an antivirus program
• SSL/TLS connections are blocked by a firewall or antivirus program
• the HOSTS file is corrupted
• the SSL or browser cache contains outdated certificate versions
• Chrome extensions are causing the error message
• QUIC protocol is blocking the connection setup

Fixing the ERR_SSL_PROTOCOL_ERROR – how it works

The list of possible causes for the ERR_SSL_PROTOCOL_ERROR message shows that there is no general solution. Instead, there are several options that you can try to solve the SSL connection problem on your own. First of all, you can try a «trick», which always proves to be an effective means of dealing with various web errors: restarting your router. It is not uncommon for connection problems to disappear when the device reconnects to the Internet. If the message still appears in the Chrome browser, you can try these solutions:

Solution 1: check the system date/time

Since incorrect system dates and times can cause the SSL/TLS connection to fail, you should take a look at the system clock when the ‘ERR_SSL_PROTOCOL_ERROR’ message appears in your Chrome browser window. If there is a significant difference between what’s shown and the actual time or if the wrong date has been set, the browser is often unable to load SSL connections correctly. Make sure that the date and time are correct and adjust them if necessary. By default, you can do this directly from the taskbar – alternatively, you can find the right menu under ‘Date and time’ in the Control Panel.

By default, operating systems set the correct time values when the device is connected to the Internet – and also take the time change into account.

Solution 2: temporarily disable antivirus and firewall programs

Software (to protect against malware) and a firewall are mandatory for every user who plans to connect their device to the Internet. However, since security tools like these work with various algorithms and rules, they can prevent access to certain websites even if they don’t pose a security risk. For example, it is possible that the IP address or domain address has been classified as a security risk and that’s why it’s being blocked. Chrome also displays the ERR_SSL_PROTOCOL_ERROR message if SSL connections are generally blocked by a tool.

You can easily test whether the security programs you are using are triggering the error message by temporarily disabling them and revisiting the website in question. If the connection setup now works without problems, you know that you have to make changes in the settings of the programs and remove the IP address from the blacklist.

In order to protect your privacy, the video will not load until you click on it.

Solution 3: delete SSL cache and browser cache

In some cases, cached information in the SSL cache (SSL status) or browser cache may also be responsible for the ERR_SSL_PROTOCOL_ERROR message in Chrome. If this is the case, all you have to do is clear the cache to rectify the error.

In Chrome, simply open the settings menu by clicking on the three dots in the top right-hand corner and choose the ‘Settings‘ option from the drop-down menu.

You can also access the settings menu with your mobile device by clicking on the three dots.

Click the ‘Advanced‘ button to access the ‘Privacy and security‘ options. There you will find what you’re looking for – ‘Clear browsing data‘, which you can use to delete the Chrome cache.

You can also access the cache delete menu in an even quicker way by entering the following address as the URL: chrome://settings/clearBrowserData.

To solve the certificate problem, it makes sense to clear the Chrome cache for the entire period and not just for the last few hours.

The SSL cache is managed by the operating system itself, which is why it cannot be deleted using Chrome. You will find the corresponding function in the network and internet setting, which can be accessed in Windows via the control panel.

In the Network and Internet Control Panel, the most important settings for local networks and the internet can be found on Windows devices.

In ‘Network and Internet’, you will find ‘Internet Properties’, which you should select. Then click the ‘Content’ tab, then click ‘Clear SSL state’.

For most operating systems, such as Windows 7, the SSL cache is referred to as the SSL status.

You receive a status report when the cache has been deleted and you can then check whether the ERR_SSL_PROTOCOL_ERROR problem has been solved by emptying the cache then accessing the site again using Chrome.

The message ‘SSL cache was successfully cleared’ informs users that Windows was able to delete the certificate cache as desired.

Solution 4: deactivate Chrome extensions

Just like every internet browser, Google Chrome can be extended with plugins, which add additional features, games, or new designs to the user interface. However, with each additional extension, you run the risk of impairing the browser’s functionality and causing error messages such as ERR_SSL_PROTOCOL_ERROR. If the previous solutions haven’t been successful, it might be worthwhile to deactivate the extensions until you want to use them again. If the SSL connection is then able to be successfully established, you know it was the extension that was blocking it. By reactivating the extensions step by step (including doing the connection test), you can easily identify what was responsible.

To access the extensions, click on the three dots next to the browser’s search bar, just like when you’re deleting the Chrome cache. From the drop-down menu, select ‘More tools‘, then ‘Extensions‘.

You can also enter chrome://extensions/ into the search bar to go directly to the extensions.

Via the menu item ‘More tools’, you can access developer tools and the browser’s task manager as well as the Chrome extensions.

Deactivate the activated extensions one after the other by unchecking all the checked boxes, then restart Chrome and check if ERR_SSL_PROTOCOL_ERROR continues to occur when you try to access the target website.

To enable a deactivated extension in Chrome, all you have to do is check the ‘Enable’ box next to the relevant extension.

Solution 5: switch off the QUIC protocol

Google Chrome was one of the first browsers to implement QUIC. The future-oriented protocol is intended to provide extra speed when setting up a connection, among other things. Officially still in the test phase, it is already activated by default as an ‘experimental protocol‘ in various services offered by the large corporation such as the Google browser, which means it could be a possible cause for the ERR_SSL_PROTOCOL_ERROR. It is sometimes enough to simply deactivate QUIC to solve the problem. To do this, first enter the following address in the search bar:

In the Chrome flag menu, all features are listed that have not yet been officially implemented in the browser. Here you will see ‘Default’ chosen, which means that QUIC is active. To switch the protocol off, select the ‘Disabled‘ option and restart Chrome.

Via Google Chrome, users can access the QUIC protocol on the most popular devices (macOS, Windows, Linux, Android).

Solution 6: delete or reset hosts file to its default setting

Before the Domain Name System (for name resolution on the internet) was introduced and established, a system based on local text files was used, which had to be maintained manually. This file named ‘hosts’ still exists today in common operating systems, but is usually only used for assigning addresses in local networks.

It is, however, possible for malicious programs to modify the hosts file so that you are redirected to the wrong websites or so that error messages such as ERR_SSL_PROTOCOL_ERROR appear. However, by deleting the file or restoring the default settings (if you have made your own network configurations), you can quickly fix this problem. With Windows, it works like this:

1. Open the ‘Run’ program by pressing the Windows key and [R] at the same time.
2. In the new window, specify the directory in which the hosts file is located by inserting the following line (if Windows is not installed on C:, you must use the appropriate drive letter):

C:WindowsSystem32driversetc

To edit the hosts file, simply open it with the text editor of your choice.

Users of other systems can proceed in the same way (access directory, then delete the file), but the directory path varies from system to system: macOS, Unix, Linux, and Android users can find the hosts file in /etc/hosts. iOS stores the file in the /private/etc/hosts directory.

• 28.02.19
• Technical matters

• Wie gefällt Ihnen der Artikel? 0

  

  It’s very likely that you’ve stumbled on the ‘HTTP Error 503 The service is unavailable’ notification or something similar during your daily browsing. The error message appears whenever a web server can’t display the website that the user is trying to access. There are many reasons for these notifications, just as there are many solutions. It’s your responsibility as the website operator to.

  

  Error messages when surfing the net are a nuisance for everyone involved, but especially for those who have to find out what the problem is. The search for a solution can be particularly tedious if the status code message barely provides any information on the source of the error. The HTTP error 500 (“Internal Server Error”) is a collective status code. We give you tips on where errors could have.

  

  If Chrome displays the message «ERR_CONNECTION_CLOSED» instead of the website you want to access, it means that the contacted server has interrupted the connection. Reloading the URL is often not enough to fix the problem. Unfortunately, determining the source of the error is anything but a simple task. To fix the «ERR_CONNECTION_CLOSED» error, you need a good amount of patience.

  

  Via the Windows Update feature, Microsoft provides users with the latest features and fixes for Windows or installs Microsoft services and apps. Since the Creators Update V1703, some users have been receiving the message “INET_E_RESOURCE_NOT_FOUND” when they try to access the Microsoft Edge browser. But what exactly does this error mean and how can it be rectified?

  

  Every Windows user knows: No matter which version you use, the popular Microsoft operating system has its bad days. Sometimes these are so serious that the worst possible outcome happens: Windows won’t boot anymore. You might think there’s nothing you can do, but don’t panic: Boot problems and bluescreens can be solved quickly in most cases.

  Источник

Following @muru’s good suggestion, in a comment to my question, I have filed a bug report in Launchpad, regarding this issue:

Bug #1547762 “SSL Protocol Error” in Chromium for several Google web sites after installing Ubuntu Security Updates for libnss3 : Bugs : chromium-browser package : Ubuntu
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1547762

That bug report has now the information that «This bug affects you and 12 other people«. The Status of the bug was changed from ‘New’ «to ‘Confirmed’ because the bug affects multiple users«.

So, it seems this is indeed a bug. I’ll keep updating this answer according to the progress of that Bug Report.

NEWS FLASH (Feb 25, 2016): This issue was apparently fixed by a Software Update to Chromium that was made available today! For more detail, read «Update #3 (Feb 25, 2016)» further down:

Update #1 (Feb 22, 2016):

• The bug web page is now listed as affecting 38 people. It is still listed as «Unassigned»

• In «Comment #13» — https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1547762/comments/13 — in that «Bug» web page, the user «beljoost (tempample)» has noted that a Bug had been reported in the «Chromium» issue tracker (on Feb 19, 2016): «Issue 588146 — chromium — SSL connection error after security update» -https://bugs.chromium.org/p/chromium/issues/detail?id=588146 — which was closed as «Wontfix» with the following reason:

Based on the bug template, you’ve indicated you’re running version
«37.0.2062.120», which is no longer supported, and has a number of
critical security bugs. You should upgrade to the latest version of
Chrome, which is Chrome 48.

If you’re running a version provided by another party, such as your
distro, please inform them that they’re distributing an insecure
version.

You can download the latest stable version of Chrome at
https://www.google.com/chrome/

• In «Comment #17» — https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1547762/comments/17 — the same user «beljoost (tempample)» has noted that a related bug exists in the Ubuntu issue tracker (reported on June 26, 2015) «complaining» that (at that time) «The latest version for 12.04 is 37.0.2062.120 » while «The latest version for 14.04 is 43.0.2357.81 «. That bug still appears as «Unassigned«:

Bug #1468666 “Chromium VERSION on Ubuntu 12.04 LTS” : Bugs : chromium-browser package : Ubuntu
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1468666

Update #2 (Feb 23, 2016):

The bug that I had opened («Bug #1547762 «SSL Protocol Error» in Chromium for several Google web sites after installing Ubuntu Security Updates for libnss3«) was marked as being a duplicate of the following bug, reported on November 27, 2015 (affecting now 53 people, still marked as «Unassigned «):

Bug #1520568 «All queries fails when ‘google’ is used: ERR_SSL_PROTOCOL_ERROR» : Bugs : chromium-browser package : Ubuntu
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1520568

Update #3 (Feb 25, 2016):

This issue seems to be fixed by Software Updates to Chromium that were made available today! For the Bug 1520568 «All queries fails when ‘google’ is used: ERR_SSL_PROTOCOL_ERROR», the user «Marc Deslauriers (mdeslaur)» and the bot «Launchpad Janitor (janitor)» added information regarding a patch made available today and reported that «This bug was fixed in the package chromium-browser — 37.0.2062.120-0ubuntu0.12.04.2«. The Status of that Bug got consequently changed from «Confirmed» to «Fix Released«.

So, in «Comment #47» of that page, the following info appears:

Launchpad Janitor (janitor) wrote 21 hours ago: #47

This bug was fixed in the package chromium-browser — 37.0.2062.120-0ubuntu0.12.04.2

---

chromium-browser (37.0.2062.120-0ubuntu0.12.04.2) precise-security; >urgency=medium

• debian/patches/nss-321-fix.patch: fix compatibility with nss 3.21.
  (LP: #1520568)

— Marc Deslauriers Wed, 24 Feb 2016 13:42:57 -0500

And, in fact, the «Update Manager» was «filled» with several available updates, including the 3 patches below for Chromium. I tested closing «Chromium» and then selecting only those 3 patches, installed them and then started Chromium again, to see if those patches were enough to solve the problem… and they were enough!

So now, Chromium is now again able to open Google web sites. Obviously, I suggest that you also install the other available patches/Security updates. For now, I installed only the 3 available patches for chromium, because I wanted to see if those were enough to solve the issue.

Under these circumstances, I believe that I can now mark this question as answered

Update information for Chromium packages:

Chromium browser
chromium-browser (Size: 45,4 MB)

Changes for the versions:
Installed version: 37.0.2062.120-0ubuntu0.12.04.1~pkg917
Available version: 37.0.2062.120-0ubuntu0.12.04.2

Version 37.0.2062.120-0ubuntu0.12.04.2:

• debian/patches/nss-321-fix.patch: fix compatibility with nss 3.21.
  (LP: #1520568)

chromium-browser language packages
chromium-browser-l10n (Size: 2,9 MB)

Extra ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-extra (Size: 831 kB)

Приветствую, уважаемые форумчане! Проблема возникла довольно внезапно, всё что пришло в голову сам уже перепробовал, но знаний в этой области катастрофически не хватает, посему обращаюсь за помощью к вам.

На VPS установлена панель VestaCP, есть несколько сайтов, пара тестовых и один основной рабочий. Пару дней назад забыл продлить его домен, в итоге поимел себе следующую проблему: непродлённый домен отрубился, сайт перестал работать, после продления появилась ошибка SSL (ERR_SSL_PROTOCOL_ERROR), перевыпустил сертификат средствами панели — не помогло.

Если проверять здесь: https://www.ssllabs.com/ssltest/analyze.html
Получаю ответ «Assessment failed: No secure protocols supported»
Насколько я понимаю это говорит о том что сервер даже не пытается отдавать шифрованные данные клиенту..

При этом в панели SSL для конкретного домена включен. Работает всё на связке NGINX+PHP-FPM, используемая ОС Ubuntu 16.04.6 LTS, сайты работают на CMS WordPress. В настройках WordPress home и siteurl указаны через https://

Ранее была проблема с ошибками конфигурации NGINX:

Кстати ssl в данный момент не работает для всех доменов, хотя раньше работал и на тестовых. Сертификаты везде от Let’s Encrypt.

В error.log по домену на запрос любой страницы ошибка:
2019/03/16 13:54:16 [crit] 8372#8372: *714 open() «/home/user/web/domain.ru/public_html/» failed (13: Permission denied), client: 185.234.218.33, server: domain.ru, request: «GET /?author=4 HTTP/1.1», host: «domain.ru»

Шаблон в панели установлен wordpress2….куда копать совсем не понимаю, дайте пожалуйста какое-нибудь направление!

I’m having problems with configuring HTTPS on my site that runs on a Debian server.

The error Google Chrome shows is:

err_ssl_protocol_error

This is my config:

/etc/apache2/ports.conf

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
        Listen 443 http
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

/etc/apache2/enabled-sites/000-default

<VirtualHost *:443>

 ## Anything matching this host should be silently ignored.
<Location />
Order Allow,Deny
Allow from all
</Location>
</VirtualHost>

/etc/apache2/enabled-sites/site

<VirtualHost *:80>

ServerName domain.be
ServerAlias domain.be www.domain.be www.domain.eu  test.domain.be
ServerAdmin webmaster@localhost

    DocumentRoot /var/www/htdocs/site
    <Directory />
            Options FollowSymLinks
            AllowOverride none
    </Directory>
    <Directory /var/www/htdocs/mds>
            Options  FollowSymLinks MultiViews
            AllowOverride all
            Order allow,deny
            allow from all
    </Directory>


    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mpm_itk_module>
AssignUserId domain domain
</IfModule>
</VirtualHost>

/etc/apache2/enabled-sites/site-ssl

<IfModule mod_ssl.c>

NameVirtualHost *:443
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName www.domain.be
        ServerAlias *.domain.be

        DocumentRoot /var/www/htdocs/site
        <Directory />
                Options FollowSymLinks
                AllowOverride none
        </Directory>
        <Directory /var/www/htdocs/mds>
                Options FollowSymLinks MultiViews
                AllowOverride all
                Order allow,deny
                allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log


        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

        SSLEngine on

        SSLProtocol all -SSLv2 -SSLv3
        SSLCompression off
        SSLCipherSuite AES128+EECDH:AES128+EDH

        SSLCertificateFile    /etc/ssl/apache/certs/domain2.crt
        SSLCertificateKeyFile   /etc/ssl/apache/private/domain2.key

          SSLCertificateChainFile /etc/ssl/apache/certs/global.crt


        <FilesMatch ".(cgi|shtml|phtml|php)$">

#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire

     SSLOptions +StdEnvVars
        </FilesMatch>
        BrowserMatch "MSIE [2-6]" 
                nokeepalive ssl-unclean-shutdown 
                downgrade-1.0 force-response-1.0

        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
<IfModule mpm_itk_module>
AssignUserId mds mds
</IfModule>
</VirtualHost>

<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName www.domain.eu
        ServerAlias *.domain.eu

        DocumentRoot /var/www/htdocs/mds
        <Directory />
                Options FollowSymLinks
                AllowOverride none
        </Directory>
        <Directory /var/www/htdocs/mds>
                Options FollowSymLinks MultiViews
                AllowOverride all
                Order allow,deny
                allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log


        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

        SSLEngine on

        SSLProtocol all -SSLv2 -SSLv3
        SSLCompression off
        SSLCipherSuite AES128+EECDH:AES128+EDH


        SSLCertificateFile    /etc/ssl/apache/certs/domain2.crt
        SSLCertificateKeyFile   /etc/ssl/apache/private/domain2.key

        SSLCertificateChainFile /etc/ssl/apache/certs/global.crt

        #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
        <FilesMatch ".(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        BrowserMatch "MSIE [2-6]" 
                nokeepalive ssl-unclean-shutdown 
                downgrade-1.0 force-response-1.0

        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
<IfModule mpm_itk_module>
AssignUserId mds mds
</IfModule>
</VirtualHost>
</IfModule>

I also have these errors in the log:

[Wed May 30 12:03:13 2018] [warn] Init: (Server.domain.local:443) You configured HTTP(80) on the standard HTTPS(443) port!
[Wed May 30 12:03:13 2018] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed May 30 12:03:14 2018] [notice] Apache/2.2.22 (Debian) PHP/5.4.45-0+deb7u14 mod_ssl/2.2.22 OpenSSL/1.0.1t configured -- resuming normal operations

Where could my problem be?

Страницы: [1] 2  Все   Вниз

0 Пользователей и 1 Гость просматривают эту тему.

Страницы: [1] 2  Все   Вверх