Chrome Does Not Work With RTC Debug Server on Jetty


Recently I tried to use Chrome with a RTC debug Server running on Jetty. I was unable to do so. Why does this happen and is there a work around?

Affected Versions

This problem only occurs when using the RTC SDK for RTC versions prior to RTC 6.x. The RTC 6.0 and later SDK’s are not affected as they enable TLS.

* Update * see Unable to Connect to the Jetty Server Using Current Browsers Due to SSL Error Extending RTC Versions Lower Than 6.x for newest developments and potential workarounds. This work around does no longer work for the newest versions of Chrome.

Symptoms

When I tried to navigate to the public URI https://localhost:7443/jazz/ of my debug server I got a message

This webpage is not available

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

See the screenshot below:

This webpage is not available ERR_SSL_VERSION_OR_CIPHER_MISMATCH

This webpage is not available ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I created Defect 354890 to get it addressed.

Root Cause And Work Around

As described in the defect above, it appears that Jetty uses SSL as a default protocol to talk to the browser. Chrome version 4 has disabled SSL due to defects in the older SSL implementations. This can basically also happen in other browsers soon.

To fix this, Jetty would have to be set to TLS as default. Although this seems to be the documented default for newer versions, the SDK does not seem to have that setting. I searched around and was also not able to find a way to force it.

It would be good if there was a way to set e.g. a System Property in the server launch configuration.

This work around I found on the net worked for me for Chrome v40:

  • Open the URL chrome://flags
  • Look for “Minimum SSL/TLS version supported.
  • Change from Default and choose SSLv3
  • Click on the “Relaunch now” button

Open your public URI https://localhost:7443/jazz/ again. You will be redirected to a page “Your connection is not private“. Click on the “Advanced” link. Finally click on “Proceed to (unsafe)“.

Update

Chromium has the same problem. And the same fix.

Advertisements

About rsjazz

Hi, my name is Ralph. I work for IBM and help colleagues and customers with adopting the Jazz technologies.
This entry was posted in Jazz, RTC, RTC Extensibility and tagged , , , , , . Bookmark the permalink.

4 Responses to Chrome Does Not Work With RTC Debug Server on Jetty

  1. Lukas Steiger says:

    For the last couple of months, we have worked with the RTC SDK >= 5.0.1 and Google Chrome (up to version 43) without changing anything on the SSL configuration. But I think I’ve tried once in the past to run an older version of the SDK which did not work due to the SSL issue. So I would assume that the issue has been resolved in newer versions.

  2. All recent releases of jetty have the default configuration of SslContextFactory as addExcludeProtocols(“SSL”, “SSLv2”, “SSLv2Hello”, “SSLv3”);
    You should be able to update the configuration of older jetty instances to also exclude SSLv3

    • rsjazz says:

      Greg, this Jetty is basically shipped with a SDK in a Jar File and in older versions SSL is hard coded into the launch.
      The 6.0 version is already fixed. We are working on a patch for older SDK’s

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s