Forum Discussion
After weak cipher remediation, URL not working in Chrome while IE load is fine.
Chrome is not able to load the URL using only TLS 1.2 with SHA256 AES256. Website works fine in IE.
Are there any setting changes needed to resolve the issue?
- Krishna_388466Altostratus
err_ssl_version_or_cipher_mismatch is the error message
- Samir_Jha_52506Noctilucent
Can you please share the error message which you are seeing in Google Chrome? I suspect that Chrome has removed the RC4 cipher in Chrome v48.
- Samir_Jha_52506Noctilucent
RC4 is disabled by Chrome.
Run the below in the Chrome browser:
chrome://flags/ssl-version-max
Then change the maximum TLS version enabled from default to TLS 1.3.
Selecting TLS 1.3 will work. Try and confirm.
- Krishna_388466Altostratus
Thanks. When I tried the above option in chrome://flags/ssl-version-max, I don't see any settings related to TLS 1.3 or SSL.
Hi Krishna,
please post your Client SSL Profile cipher string. Maybe we can optimize it further...
Cheers, Kai
- youssef1Cumulonimbus
Hi,
You can take a packet capture of the SSL handshake (with ssldump) to see exactly which ciphers are being negotiated and selected.
https://support.f5.com/csp/article/K10209
Then check whether you can find a reference in the Chrome support/forum that talks about your problem.
So first capture the traffic, then check with ssldump which ciphers/protocols are negotiated. It will be helpful for you to find a solution.
Regards
Hi Krishna,
I just tested the cipher support of Chrome. Chrome does not support the cipher called AES256-SHA256 (ID 61). It only supports AES256-SHA (ID 53) or AES256-GCM-SHA384 (ID 157) if you require a (non-DH) RSA-based AES256.
Qualys SSL Labs: SSL/TLS Capabilities of Your Browser
https://www.ssllabs.com/ssltest/viewMyClient.html
To work around this limitation, I would recommend changing your cipher string to include AES256-GCM-SHA384 as well as AES256-SHA256. GCM is considered more secure than CBC, so you will more or less increase the security of those browsers that support this cipher spec.
```
[root@f501:Active:Standalone] / tmm --clientcipher 'AES256-GCM-SHA384:AES256-SHA256:-SSLv3:-DTLSv1:-TLSv1:-TLSv1_1'
     ID  SUITE              BITS  PROT    METHOD  CIPHER   MAC     KEYX
 0: 157  AES256-GCM-SHA384  256   TLS1.2  Native  AES-GCM  SHA384  RSA
 1:  61  AES256-SHA256      256   TLS1.2  Native  AES      SHA256  RSA
[root@f501:Active:Standalone] /
```
Cheers, Kai