Forum Discussion
After weak cipher remediation, URL not working in Chrome while IE load is fine.
Chrome is not able to load the URL using only TLS 1.2 with SHA256 AES256. Website works fine in IE.
Are there any setting changes needed to resolve the issue?
7 Replies
- Hi Krishna,
  just tested the cipher support of Chrome. Chrome does not support the cipher called AES256-SHA256 (ID 61). It only supports AES256-SHA (ID 53) or AES256-GCM-SHA384 (ID 157) if you require a (non-DH) RSA based AES256.
  Qualys SSL Labs: SSL/TLS Capabilities of Your Browser - https://www.ssllabs.com/ssltest/viewMyClient.html
  To work around this limitation, I would recommend changing your cipher string to include AES256-GCM-SHA384 as well as AES256-SHA256. GCM is considered more secure than CBC, so you will more or less increase the security of those browsers that support this cipher spec.

      [root@f501:Active:Standalone] / tmm --clientcipher 'AES256-GCM-SHA384:AES256-SHA256:-SSLv3:-DTLSv1:-TLSv1:-TLSv1_1'
           ID  SUITE              BITS  PROT    METHOD  CIPHER   MAC     KEYX
       0:  157 AES256-GCM-SHA384  256   TLS1.2  Native  AES-GCM  SHA384  RSA
       1:   61 AES256-SHA256      256   TLS1.2  Native  AES      SHA256  RSA
      [root@f501:Active:Standalone] /

  Cheers, Kai
- youssef1 (Cumulonimbus)
  Hi,
  You can take a packet capture of the SSL handshake (with ssldump) to see exactly which ciphers are being negotiated and selected. https://support.f5.com/csp/article/K10209
  Then check if you find a reference in Chrome support/forum that is talking about your problem. So first capture traffic, then check with ssldump which ciphers/protocol are negotiated; it will be helpful for you to find a solution...
  Regards
- Hi Krishna,
  please post your Client SSL Profile cipher string. Maybe we can optimize it further...
  Cheers, Kai
- Krishna_388466 (Altostratus)
  Thanks. When I tried the above option in chrome://flags/ssl-version-max, I don't see any settings related to TLS 1.3 or SSL.
- Samir_Jha_52506 (Noctilucent)
  RC4 is disabled by Chrome. Run the below in the Chrome browser: chrome://flags/ssl-version-max
  Then change the maximum TLS version enabled from default to TLS 1.3, and selecting TLS 1.3 will work. Try and confirm.
- Krishna_388466 (Altostratus)
  err_ssl_version_or_cipher_mismatch is the error message
- Samir_Jha_52506 (Noctilucent)
  Can you please share the error message which you are seeing in Google Chrome? I am suspecting that Chrome has removed the RC4 cipher in Chrome v48.
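
Added example, not part of the thread and not F5 or Chrome code: a small parser that pulls the offered cipher suite IDs out of a ClientHello record (the part of a handshake capture the ssldump advice above points at) and checks them against a server cipher list. The ClientHello is a constructed, minimal sample using the IDs quoted in the thread (157, 61, 53); the function names are hypothetical, and selection by server preference order is an assumption.

```python
import struct

# Cipher IDs and names as given in the thread (tmm output and Kai's reply).
NAMES = {157: "AES256-GCM-SHA384", 61: "AES256-SHA256", 53: "AES256-SHA"}

def build_client_hello(suites):
    """Constructed sample: minimal TLS 1.2 ClientHello record without extensions."""
    body = b"\x03\x03" + bytes(32) + b"\x00"            # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                  # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def offered_suites(record):
    """Return the cipher suite IDs a ClientHello record offers, in client order."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(hs) < 39 or hs[0] != 0x01:
        raise ValueError("not a complete ClientHello")
    pos = 4 + 2 + 32                      # handshake header, client version, random
    pos += 1 + hs[pos]                    # session id length byte plus session id
    if pos + 2 > len(hs):
        raise ValueError("truncated before cipher suite list")
    n = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    if n % 2 or pos + n > len(hs):
        raise ValueError("bad cipher suite list length")
    return [struct.unpack("!H", hs[i:i + 2])[0] for i in range(pos, pos + n, 2)]

def negotiate(server_pref, record):
    """First suite in the server's list that the client offers, else None."""
    offered = set(offered_suites(record))
    for suite in server_pref:
        if suite in offered:
            return NAMES.get(suite, hex(suite))
    return None    # no overlap: the handshake fails

if __name__ == "__main__":
    chrome_like = build_client_hello([157, 53])   # constructed from the IDs in Kai's reply
    for label, pref in (("AES256-SHA256 only", [61]), ("GCM added first", [157, 61])):
        print(label, "->", negotiate(pref, chrome_like))
```

A `None` result is the no-common-cipher case that the browser reports as err_ssl_version_or_cipher_mismatch.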