Problems were reported with Google Chrome’s latest update. More particularly, Chromebook users were unable to reach the Internet. Chromebooks are primarily used in schools where the connection is protected by proxies like Symantec’s BlueCoat. In fact, the issue with the update didn’t come from Google itself but from BlueCoat.
The system of a Maryland school was affected. 120,000 Chromebooks and other machines using Chrome couldn’t connect to the Web properly.
Chromium Bug Report: BlueCoat, Other Proxies Hang Up During TLS 1.3
BlueCoat, which was acquired by Symantec for $4.6 billion runs on ProxySG technology to exaine SSL and TLS encrypted web content. The issue with the update stemmed from the fact that BlueCoat does not offer support for the latest protocol, TLS 1.3.
As explained in a Chromium bug report, Google started getting reports from customers using BlueCoat who could not connect to the Web via Google’s Chrome 56 web browser and operating system. Apparently, BlueCoat’s proxy terminated connections instead of arranging support version 1.2 of TLS. More specifically, users trying to connect to the web via Chrome 56 were unable to do so, whereas Chromebook users couldn’t establish any connection at all.
From the bug report:
Chrome Version: 56
OS: Chrome and Windows
What steps will reproduce the problem?
(1) BlueCoat 6.5 proxy.
(2) Chrome OS 56 or Chrome browser 56
(3) Attempt to connect to a Google service (youtube, accounts.google.com, etc.
What is the expected result?
Successful connection. Client and proxy may negotiate down to TLS 1.2 instead of TLS 1.3.
What happens instead?
When Chrome attempts to connect via TLS 1.3, BlueCoat hangs up connection.
“When Chrome attempts to connect via TLS 1.3, Blue Coat hangs up connection,” further explained Google’s Chromium project member Jay H. Lee in the bug report. “We have at least one very large customer seeing similar issues against Blue Coat. The connection fails with SSL_HANDSHAKE_ERROR / ERR_CONNECTION_CLOSED. Customer found that restricting to TLS 1.2 via policy resolves the issue for Chrome 56 stable,” he added.
Have a look at the full bug report.