SSL Google Chrome turning of NPN negotiation protocol for HTTPS support

eva2000 · May 17, 2016

May 31, 2016 is the updated deadline for which Google Chrome 51 will disable support for NPN negotiation protocol and thus end of SPDY for HTTP/2 based SSL The day Google Chrome disables HTTP/2 for nearly everyone: May 31st, 2016 and WebPerf - Google dropping SPDY in favor of HTTP 2 | Centmin Mod Community

The Chromium project (whose end result is the Chrome Browser) has switched the negotiation protocol by which it decides whether to use HTTP/1.1 or the newer HTTP/2 on May 15th, 2016 May 31st, 2016.

Update: this change is coming to Chrome 51 (thanks Eric), originally scheduled for May 15th, but could be a few days later. The newly updated development calendar puts this on May 31st.

That in and of itself isn't a really big deal, but the consequences unfortunately are. Previously (as in: before May 31st, 2016), a protocol named NPN was used -- Next Protocol Negotiation. This wasn't a very efficient protocol, but it got the job done.

There's a newer negotiation protocol in town called ALPN -- Application-Layer Protocol Negotiation. This is a more efficient version with more future-oriented features. It's a good decision to switch from NPN to ALPN, there are far more benefits than there are downsides.

However, on the server side -- the side which runs the webservers that in turn run HTTP/2 -- there's a rather practical issue: to support ALPN, you need at least OpenSSL 1.0.2.

So what? You're a sysadmin, upgrade your shit already!
Click to expand...

Means if you're using a web server on CentOS 5/6/7 and rely on CentOS system OpenSSL version which is below OpenSSL 1.0.2, the connection will downgrade back from HTTP/2 to HTTP/1.1 according to the article.

Luckily, Centmin Mod Nginx is statically compiled against it's own OpenSSL 1.0.2h or LibreSSL 2.3.4 and won't have issues with HTTP/2 ALPN negotations for HTTPS
Code (Text):
Operating System    OpenSSL version
CentOS 5    0.9.8e
CentOS 6    1.0.1e
CentOS 7    1.0.1e
Ubuntu 14.04 LTS    1.0.1f
Ubuntu 16.04 LTS    1.0.2g
Debian 7 (Wheezy)    1.0.1e
Debian 8 (Jessie)    1.0.1k
openssl 1.0.1 support officially ends Dec 31st, 2016 too

Support for version 1.0.1 will cease on 2016-12-31. No further releases of 1.0.1 will be made after that date. Security fixes only will be applied to 1.0.1 until then.
Click to expand...

eva2000 · May 17, 2016

State of OpenSSL 1.0.2 on RedHat/CentOS Bug 1276310 – RFE: Need OpenSSL 1.0.2

eva2000 · May 28, 2016

Chrome 51 has been released so bye bye SPDY and NPN protocols !

eva2000 · Jun 8, 2016

nginx.com blog has an article addressing Chrome ending SPDY and NPN support at Supporting HTTP/2 for Google Chrome Users | NGINX

Users of the Google Chrome web browser are seeing some sites that they previously accessed over HTTP/2 falling back to HTTP/1. This is because of a policy change in the most recent update to Chrome, released in late May, which removes support for NPN, one method for upgrading a connection to HTTP/2.

The only way Chrome users can continue using HTTP/2 to access these websites is by switching to a different browser. Website administrators can restore HTTP/2 support for Chrome users by upgrading their OpenSSL installation to the recently released 1.0.2 version. Unfortunately, this requires either a major operating system upgrade or using a private build of NGINX.

What Has Happened?
In the beginning was HTTP/1. HTTP/1 has served us well, but as websites got more and more complex, it began to get a bad rap for being too slow.

To address this, Google developed a new transport layer named SPDY. SPDY was accessed over SSL/TLS, and Google developed an SSL/TLS modification called Next Protocol Negotiation (NPN) that allows clients to upgrade their SSL/TLS connections from HTTP/1 to HTTP/2. Major web servers (such as NGINX) implemented SPDY; OpenSSL and other SSL/TLS stacks implemented NPN.
Click to expand...

Google has removed support for SPDY from the latest release of the Chrome web browser (build 51). Fortunately, upgrading a web server to a later version that supports HTTP/2 is relatively easy; a web server is a standalone application with very few tight dependencies.

The more significant issue is that Google has also removed support for NPN from Chrome build 51. If the web server that a user is connecting to supports only NPN (not ALPN), the new Chrome browser drops back to HTTP/1.

This can cause problems for users and site developers. Users are likely to experience slower response times than under HTTP/2 – especially at sites with lots of different assets (which benefit from HTTP/2’s multiplexing over a single connection) and when they are accessing the site over a high-latency connection (which worsens the penalties for less efficient connection usage). Site developers have less incentive to upgrade to HTTP/2 and are stuck either leaving their sites optimized for HTTP/1 oroptimizing for HTTP/2.

Google has briefly described its reasons for dropping NPN here. Concern was expressed publicly and privately about the change before it was implemented, but Google has now implemented its plans and Chrome no longer supports NPN in build 51 and later.
Click to expand...

It's why Centmin Mod Nginx has always statically compiled against it's own OpenSSL 1.0.2+ or LibreSSL 2.3+ versions instead of relying on CentOS's own OpenSSL 1.0.1e builds

Revenge · Jun 8, 2016

I also compile Nginx, but they could use the newer version in their nginx repo instead of the old one. Many people install Nginx from the repo instead of compiling it.

eva2000 · Jun 8, 2016

Revenge said: ↑

I also compile Nginx, but they could use the newer version in their nginx repo instead of the old one. Many people install Nginx from the repo instead of compiling it.
Click to expand...

Yeah i think it depends on what repo and OS is used.

Revenge · Jun 8, 2016

I know, for Centos they compile against the same version that comes with it. But why? Its not necessary...

eva2000 · Jun 8, 2016

Revenge said: ↑

I know, for Centos they compile against the same version that comes with it. But why? Its not necessary...
Click to expand...

Their policy is to offer distro repo nginx versions without non-system dependencies for best compatibility.

buik · Jun 8, 2016

eva2000 said: ↑

Their policy is to offer distro repo nginx versions without non-system dependencies for best compatibility.
Click to expand...

And best stability.

+ You can't support 2 Nginx editions for each distro.
In the land of enterprise linux only Ubuntu 16.04 uses openssl 1.0.2. out of the box at this moment.
That means almost 100% more packages to built and support for the Nginx team.
Almost impossible task if you ask me.

Because the source is open, everybody can compile it in any shape.

eva2000 · Jun 12, 2016

yeah

anyone notice paypal still using SPDY/3.1 for HTTPS - looks like in Chrome they fall back to HTTP/1.1 non-SPDY HTTPS right now heh

in Opera browser SPDY/3.1 still supported

in Chrome SPDY/3.1 support disabled now and served via normal HTTP/1.1 !

checking paypal site

Code (Text):

is-http2 https://paypal.com
× HTTP/2 not supported by https://paypal.com

testssl run

Code (Text):

testssl https://paypal.com        

No mapping file found

###########################################################
    testssl       2.7dev from https://testssl.sh/dev/
    (1.499 2016/06/09 13:56:51)

      This program is free software. Distribution and
             modification under GPLv2 permitted.
      USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

       Please file bugs @ https://testssl.sh/bugs/

###########################################################

Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
on 13cc60d2fa32:/usr/local/http2-15/bin/openssl
(built: "reproducible build, date unspecified", platform: "linux-x86_64")


Testing all IPv4 addresses (port 443): 66.211.169.66 66.211.169.3
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
Start 2016-06-11 20:11:08    -->> 66.211.169.66:443 (paypal.com) <<--

further IP addresses:   66.211.169.3
rDNS (66.211.169.66):   paypal.com.
Service detected:       HTTP

Code (Text):

Testing protocols (via sockets except TLS 1.2, SPDY+HTTP2)

SSLv2      not offered (OK)
SSLv3      not offered (OK)
TLS 1      not offered
TLS 1.1    not offered
TLS 1.2    offered (OK)
SPDY/NPN   not offered
HTTP2/ALPN not offered

Code (Text):

Testing ~standard cipher lists

Null Ciphers                 not offered (OK)
Anonymous NULL Ciphers       not offered (OK)
Anonymous DH Ciphers         not offered (OK)
40 Bit encryption            not offered (OK)
56 Bit encryption            not offered (OK)
Export Ciphers (general)     not offered (OK)
Low (<=64 Bit)               not offered (OK)
DES Ciphers                  not offered (OK)
Medium grade encryption      not offered (OK)
Triple DES Ciphers           offered
High grade encryption        offered (OK)


Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption as well as 3DES and RC4 here

PFS is offered (OK)  ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA

Code (Text):

Testing server preferences

Has server cipher order?     yes (OK)
Negotiated protocol          TLSv1.2
Negotiated cipher            ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH
Cipher order
    TLSv1.2:   ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA


Testing server defaults (Server Hello)

TLS extensions (standard)    "renegotiation info/#65281" "server name/#0" "EC point formats/#11"
Session Tickets RFC 5077     (none)
SSL Session ID support       yes
TLS clock skew               random values, no fingerprinting possible
Signature Algorithm          SHA256 with RSA
Server key size              RSA 2048 bits
Fingerprint / Serial         SHA1 86CF4EB313DDA4BD86A6D096ECC5AEE07EE5E124 / 0E6541916CE8CFB29B7B52710105BAC4
                              SHA256 5BBFAED9910780ABE40F2473856BA7F0302019AB6EC0746E88594849BC9B2B7A
Common Name (CN)             "paypal.com" (works w/o SNI)
subjectAltName (SAN)         "paypal.com" "www.paypal.com"
Issuer                       "DigiCert SHA2 High Assurance Server CA" ("DigiCert Inc" from "US")
EV cert (experimental)       no
Certificate Expiration       187 >= 60 days (2014-12-12 00:00 --> 2016-12-16 12:00 +0000)
# of certificates provided   2
Chain of trust (experim.)    "/usr/bin/etc/*.pem" cannot be found / not readable
Certificate Revocation List  http://crl3.digicert.com/sha2-ha-server-g3.crl
OCSP URI                     http://ocsp.digicert.com
OCSP stapling                --

Code (Text):

Testing HTTP header response @ "/"

HTTP Status Code             301 Moved Permanently, redirecting to "https://www.paypal.com/"
HTTP clock skew              Got no HTTP time, maybe try different URL?
Strict Transport Security    730 days=63072000 s, just this domain
Public Key Pinning           --
Server banner                (no "Server" line in header, interesting!)
Application banner           --
Cookie(s)                    (none issued at "/")
Security headers             --
Reverse Proxy banner         --

Code (Text):

Testing vulnerabilities

Heartbleed (CVE-2014-0160)                not vulnerable (OK) (no heartbeat extension)
CCS (CVE-2014-0224)                       not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
Secure Client-Initiated Renegotiation     VULNERABLE (NOT ok), DoS threat
CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
BREACH (CVE-2013-3587)                    no HTTP compression (OK)  - only supplied "/" tested
POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507), experim.    No fallback possible, TLS 1.2 is the only protocol (OK)
FREAK (CVE-2015-0204)                     not vulnerable (OK)
DROWN (2016-0800, CVE-2016-0703), exper.  not vulnerable on this port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                           https://censys.io/ipv4?q=5BBFAED9910780ABE40F2473856BA7F0302019AB6EC0746E88594849BC9B2B7A could help you to find out
LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK), common primes not checked. See below for any DH ciphers + bit size
BEAST (CVE-2011-3389)                     no SSL3 or TLS1 (OK)
RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)

Code (Text):

Testing all 183 locally available ciphers against the server, ordered by encryption strength

Hexcode  Cipher Suite Name (OpenSSL)    KeyExch.   Encryption Bits
-------------------------------------------------------------------------
xc030   ECDHE-RSA-AES256-GCM-SHA384    ECDH 256   AESGCM     256        
xc028   ECDHE-RSA-AES256-SHA384        ECDH 256   AES        256        
xc014   ECDHE-RSA-AES256-SHA           ECDH 256   AES        256        
x9d     AES256-GCM-SHA384              RSA        AESGCM     256        
x3d     AES256-SHA256                  RSA        AES        256        
x35     AES256-SHA                     RSA        AES        256        
xc02f   ECDHE-RSA-AES128-GCM-SHA256    ECDH 256   AESGCM     128        
xc027   ECDHE-RSA-AES128-SHA256        ECDH 256   AES        128        
xc013   ECDHE-RSA-AES128-SHA           ECDH 256   AES        128        
x9c     AES128-GCM-SHA256              RSA        AESGCM     128        
x3c     AES128-SHA256                  RSA        AES        128        
x2f     AES128-SHA                     RSA        AES        128        
xc012   ECDHE-RSA-DES-CBC3-SHA         ECDH 256   3DES       168        
x0a     DES-CBC3-SHA                   RSA        3DES       168

Code (Text):

Running browser simulations (experimental)

Android 2.3.7                 No connection
Android 4.0.4                 No connection
Android 4.1.1                 No connection
Android 4.2.2                 No connection
Android 4.3                   TLSv1.2 0000
Android 4.4.2                 TLSv1.2 0000
Android 5.0.0                 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Baidu Jan 2015                No connection
BingPreview Jan 2015          TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Chrome 47 / OSX               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Firefox 31.3.0ESR / Win7      TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Firefox 42 / OSX              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
GoogleBot Feb 2015            TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
IE6 / XP                      No connection
IE7 / Vista                   TLSv1.2 0000
IE8 / XP                      TLSv1.2 0000
IE8-10 / Win7                 TLSv1.2 0000
IE11 / Win7                   TLSv1.2 ECDHE-RSA-AES128-SHA256
IE11 / Win8.1                 TLSv1.2 ECDHE-RSA-AES128-SHA256
IE10 / Win Phone 8.0          TLSv1.2 0000
IE11 / Win Phone 8.1          TLSv1.2 ECDHE-RSA-AES128-SHA256
IE11 / Win Phone 8.1 Update   TLSv1.2 ECDHE-RSA-AES128-SHA256
IE11 / Win10                  TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Edge 13 / Win10               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Edge 12 / Win Phone 10        TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Java 6u45                     No connection
Java 7u25                     No connection
Java 8u31                     TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
OpenSSL 0.9.8y                No connection
OpenSSL 1.0.1l                TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
OpenSSL 1.0.2e                TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Safari 5.1.9/ OSX 10.6.8      No connection
Safari 6 / iOS 6.0.1          TLSv1.2 ECDHE-RSA-AES128-SHA256
Safari 6.0.4/ OS X 10.8.4     No connection
Safari 7 / iOS 7.1            TLSv1.2 ECDHE-RSA-AES128-SHA256
Safari 7 / OS X 10.9          TLSv1.2 ECDHE-RSA-AES128-SHA256
Safari 8 / iOS 8.4            TLSv1.2 ECDHE-RSA-AES128-SHA256
Safari 8 / OS X 10.10         TLSv1.2 ECDHE-RSA-AES128-SHA256
Safari 9 / iOS 9              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Safari 9 / OS X 10.11         TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256

Done 2016-06-11 20:12:18    -->> 66.211.169.66:443 (paypal.com) <<--

Revenge · Jun 12, 2016

Its so easy to implement http2, i don't know why so many big sites did not do it yet.

eva2000 · Jun 12, 2016

Maybe their web servers tied to system OpenSSL and that is stuck on OpenSSL <1.0.2 like OpenSSL 1.0.1 ?

eva2000 · Jun 12, 2016

eva2000 said: ↑

State of OpenSSL 1.0.2 on RedHat/CentOS Bug 1276310 – RFE: Need OpenSSL 1.0.2
Click to expand...

from that bug listing Bug 1276310 – RFE: Need OpenSSL 1.0.2 status shows fix target release for Redhat 7.4 - so CentOS 7.4 - fingers crossed !

Revenge · Jun 12, 2016

eva2000 said: ↑

Maybe their web servers tied to system OpenSSL and that is stuck on OpenSSL <1.0.2 like OpenSSL 1.0.1 ?
Click to expand...

Probably is that. But this company's have a lot of resources, i don't believe it would be hard for them to update openssl.
If we look at Cloudflare, they are always at the vanguard of technology.

buik · Jun 12, 2016

Revenge said: ↑

Its so easy to implement http2, i don't know why so many big sites did not do it yet.
Click to expand...

Revenge said: ↑

Probably is that. But this company's have a lot of resources, i don't believe it would be hard for them to update openssl.
If we look at Cloudflare, they are always at the vanguard of technology.
Click to expand...

In theory it is easy.

But if you're really big (Netcraft top listed etc.) and have hundreds of thousands of server.
Case changed.
You can't change something like Openssl at your server farm on the fly.
Way to many risks.

They need to be absolutely sure and that takes a lot of time (developing, testing (simulation testcases with as many known situations as possible) etc).
Before they could deploy it in batches. Never in one time.

If your core business is the collection of personal data just like Facebook then that's priority number one on a stable environment. HTTP/2 is nice but not top priority for them. It helps a little bit in order to optimize the whole. But one of the many.

As to whether Cloudflare is fast with new technology,
it is their core business to deliver internet media files in all its facets, which is why they are fast with this kind of specific new technology.

eva2000 · Jun 23, 2016

well looks like Opera 38 following Chrome's lead and turned off NPN and SPDY/3.1 support too

eva2000 · Apr 7, 2017

eva2000 said: ↑

from that bug listing Bug 1276310 – RFE: Need OpenSSL 1.0.2 status shows fix target release for Redhat 7.4 - so CentOS 7.4 - fingers crossed !
Click to expand...

progress https://bugzilla.redhat.com/show_bug.cgi?id=1276310

Target Release: 7.4

Fixed In Version: openssl-1.0.2k-1.el7
Doc Type: Release Note
Doc Text:
The OpenSSL library was updated to version 1.0.2k. This version is API and ABI compatible with the previous OpenSSL library version present in Red Hat Enterprise Linux 7. This version fixes multiple bugs and introduces these new major features: * Support for DTLS (datagram TLS) version 1.2 * TLS automatic elliptic curve selection * Support for ALPN (Application-Layer Protocol Negotiation) * CMS (Cryptographic Message Syntax) support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH
Click to expand...

Log in / Register

Forums

Join the community today

SSL Google Chrome turning of NPN negotiation protocol for HTTPS support

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Revenge Active Member

eva2000 Administrator Staff Member

Revenge Active Member

eva2000 Administrator Staff Member

buik “The best traveler is one without a camera.”

eva2000 Administrator Staff Member

Revenge Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Revenge Active Member

buik “The best traveler is one without a camera.”

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Join the community today

SSL Google Chrome turning of NPN negotiation protocol for HTTPS support

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Revenge Active Member

eva2000 Administrator Staff Member

Revenge Active Member

eva2000 Administrator Staff Member

buik “The best traveler is one without a camera.”

eva2000 Administrator Staff Member

Revenge Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Revenge Active Member

buik “The best traveler is one without a camera.”

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.