Chrome Version 21 Unable to Make SSL Connections to Destinations

Printer Friendly Page


Users of Chrome version 21 are unable to make SSL connections to destinations. When attempting to connect to an SSL-enabled destination, the browser either issues a "This is probably not the site you are looking for" message or produces an error page with the message "Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data." This is due to a new http transport protocol currently being tested by Google.

More information on SPDY:

Resolution for Windows

  1. Confirm that the process "chrome.exe" is not running in the Task Manager and that all Chrome windows are closed.
  2. Open the shortcuts properties.

  3. In the Target field, add "--use-spdy=off --use-system-ssl" to the end.

  4. Click Apply.

Resolution for MAC

  • Open the terminal Applications > Utilities folder
  • Type into terminal to change to Chrome’s Directory using
    • cd /Applications/Google\
  • Rename Google Chrome to Chrome in the terminal:
    • mv Google\ Chrome Chrome
  • Copy the following 3 lines for the contents of our execution script:
    • #!/bin/sh
    • # This will execute your Google Chrome with SPDY disabled, and set it to use your System SSL
    • /Applications/Google\ --use-spdy=off --use-system-ssl
  • Type the following into the Terminal to make a file from what was just copied:
    • pbpaste > Google\ Chrome
  • Type the following into the terminal to it so our new Google Chrome can run:
    • chmod +x Google\ Chrome
  • Close Google Chrome using the Apple menu, or Command-Q:
  • Restart Google Chrome

owner: dlorenzen

Tags (4)

When is the resolution expected for Palo Alto?  We can't turn this off as an organization... there should be some work around in the product.

This was resolved in 4.1.8. We have upgraded and been able to turn ssl decryption back on.

I think this is the fix - 43492 – When users browsed to HTTPS sites using Chrome version 21, SSL decryption  was failing due to incompatibilities with TLS 1.1.

Can we get a definite answer on if 43492 was the fix for this? "I think this is the fix - 43492"...

We are about to deploy SSL Decryption and are running 4.1.7. If we can have some clarity on that so I can know for sure. That might make the difference on doing a firmware upgrade before SSL Decryption deployment.