[Freeswitch-users] Chrome 98 beta rejects Lets Encrypt certs for verto

David P davidswalkabout at gmail.com
Wed Jan 12 03:10:03 UTC 2022 

In our FS1.10.7 log, this sequence occurs repeatedly with Chrome98 Beta but
not Chrome97 Stable...

-----------------------------------------------------------------------------------
2022-01-12 02:33:29.525407 98.60% [DEBUG] mod_verto.c:607 WRITE
151.210.x.y:4790 [{
        "jsonrpc":      "2.0",
        "id":   3,
        "result":       {
                "message":      "logged in",
                "sessid":       "97524066-1470-4aca-b143-a04c4eaceed9"
        }
}]
2022-01-12 02:33:29.565399 98.60% [DEBUG] mod_verto.c:607 WRITE
151.210.x.y:4790 [{
        "jsonrpc":      "2.0",
        "id":   501,
        "method":       "verto.clientReady",
        "params":       {
                "reattached_sessions":  []
        }
}]
2022-01-12 02:33:40.565395 98.83% [WARNING] mod_verto.c:1904
151.210.x.y:4790 BAD READ -1
2022-01-12 02:33:40.565395 98.83% [DEBUG] mod_verto.c:2045 151.210.x.y:4790
Ending client thread.
2022-01-12 02:33:40.565395 98.83% [DEBUG] mod_verto.c:2053 151.210.x.y:4790
Thread ended
2022-01-12 02:33:41.785412 98.87% [DEBUG] mod_verto.c:4273
151.210.x.y:33838 Client Connect from 151.210.x.y:33838 accepted
2022-01-12 02:33:41.785412 98.87% [DEBUG] mod_verto.c:2018
151.210.x.y:33838 Starting client thread.
2022-01-12 02:33:44.045410 98.90% [DEBUG] mod_verto.c:1414 READ
151.210.x.y:33838 [{
        "jsonrpc":      "2.0",
        "method":       "login",
        "params":       {
                "sessid":       "97524066-1470-4aca-b143-a04c4eaceed9"
        },
        "id":   4
}]
-----------------------------------------------------------------------------------

We're running on Debian 10 (which I believe is recommended for FS1.10.7)
with OpenSSL 1.1.1d (the most recent available for Debian 10).

https://www.ssllabs.com/ssltest/analyze.html gives our site an 'A' rating
and all its tests for TLSv1.2 pass.

I've collected .har files from Chrome DevTools' Network pane for WS, and
I've collected .pcap's, for both browser versions. I don't see any error
traffic, only reprompts from FS to login again.

Why would "BAD READ" occur *in FS* with a newer version of Chrome but not
with an older one nor with Firefox ?

On Wed, Jan 12, 2022 at 12:52 PM David P <davidswalkabout at gmail.com> wrote:

> FYI, we support only TLSv1.2
>
> On Wed, Jan 12, 2022 at 12:38 PM David P <davidswalkabout at gmail.com>
> wrote:
>
>> FYI, we just noticed that Chrome 98 beta rejects these certs as "lost
>> sleep", and the FS 1.10.7 log shows "BAD READ -1". But Chrome 97 and
>> Firefox do not show these problems.
>>
>> We haven't found a resolution nor bug report, but I'll followup if we do.
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20220112/e15e7e38/attachment.html>

More information about the FreeSWITCH-users mailing list