Change theme
Help
Press space for more information.
Show links for this issue (Shortcut: i, l)
Copy issue ID
Previous Issue (Shortcut: k)
Next Issue (Shortcut: j)
Sign in to use full features.
Vote: I am impacted
Notification menu
Refresh (Shortcut: Shift+r)
Go home (Shortcut: u)
Pending code changes (auto-populated)
[ID: 1223031]
Internals>Network>Certificate
Supplemental component tags only. Set main component first. [ID: 1222907]
[ID: 1223136]
Design doc to be reviewed. [ID: 1223032]
[ID: 1223087]
[ID: 1223134]
Milestone(s) impacted by this issue. [ID: 1223085]
[ID: 1223084]
[ID: 1223086]
[ID: 1223034]
Link to incidents in IRM as a result of this ticket. [ID: 1300460]
[ID: 1223088]
This field contains Gerrit urls of code changes that ‘fix’ a security bug (i.e., excluding logging/cleanup commits) and is used when a singular fix cannot be uniquely identified from the existing “Code Changes” field. The change can be in the chromium repo or any other third_party repo. [ID: 1358989]
Internals
Internals>Network
[ID: 1253656]
View issue level access limits(Press Alt + Right arrow for more information)
Unintended behavior
View staffing
Estimated effort
Description
Steps to reproduce the problem
This will make firewall or ssl certificate inspection hard to work unless the browser trusts the certificate used by the middle box. Why Chrome can't pop up a warning message about this and let the use choose to trust the cert or not? 2. 3.
Problem Description
When the middlebox removes or modifies ECH extension to force Chrome to fall back to a non-ECH TLS handshake, Chrome will return an ERR_ECH_FALLBACK_CERTIFICATE_INVALID error and close the connection.
This will make firewall or ssl certificate inspection hard to work unless the browser trusts the certificate used by the middle box. Why Chrome can't pop up a warning message about this and let the use choose to trust the cert or not?
Summary
Chrome returns an ERR_ECH_FALLBACK_CERTIFICATE_INVALID error and close the connection.
Custom Questions
Please select a label to classify your issue:
Type-Feature - Request for new or improved features
Additional Data
Category: Other
Chrome Channel: Not sure
Regression: No