- Apr 21, 2016
- 4,371
Google's latest Chrome update caused a lot of problems for users who were left unable to reach the web. The problem extended to Chromebooks, which are highly used in schools where the Internet connection is protected by proxies such as Symantec's BlueCoat.
The problem, however, doesn't seem to stem from Google itself, but rather from Symantec's BlueCoat, a man-in-the-middle SSL web proxy used by an entire school system in Maryland where some 120,000 Chromebooks and multiple PCs running the Chrome web browser were affected.
The BlueCoat Symantec system uses ProxySG technology to examine Secure-Socket Layer (SSL), and Transport Layer Security (TLS) encrypted web content, which is obviously a very handy feature. The problem, it seems, was that BlueCoat doesn't come with support for the newest standard web security protocol, namely TLS 1.3.
This clears up the problem about whose fault it is and who's to blame since it's nothing Google could have done about it, aside from not upgrading its security standards for the rest of the users. Google itself puts the blame solely on BlueCoat and other web proxy vendors who had been made aware of the upgrade in TLS months ago, but did not prepare accordingly.
Better protection, but not yet supported
TLS, as you know is SSL's trusty successor, protecting everyone as best as possible. In fact, the TLS 1.3 version blocks attacks that worked against the previous 1.2 version, as well as any earlier security protocols. In addition, it helps speed up web connections.
The latest TLS update is a major overhaul bringing both security and speed and it's not really a bit surprise that support is not yet universal.
In fact, TLS 1.3 is currently supported by Firefox, Chrome and Opera, while Apple and Microsoft are working on supporting it in Internet Explorer 11, Edge and Safari. For its part, however, Google decided that its latest update to fully support only TLS 1.3 which is why the problem occurred.
Google and Mozilla predicted this type of TLS decryption problems were going to happen a long time ago given how badly vendors were found to handle TLS inspections. BlueCoat, for instance, blocks the Internet connection when Chrome tries to connect via TLS 1.3 instead of displaying a successful connection.
Read more: Chrome 56 Crypto Upgrade Makes Thousands of Computers Using BlueCoat to Fail
The problem, however, doesn't seem to stem from Google itself, but rather from Symantec's BlueCoat, a man-in-the-middle SSL web proxy used by an entire school system in Maryland where some 120,000 Chromebooks and multiple PCs running the Chrome web browser were affected.
The BlueCoat Symantec system uses ProxySG technology to examine Secure-Socket Layer (SSL), and Transport Layer Security (TLS) encrypted web content, which is obviously a very handy feature. The problem, it seems, was that BlueCoat doesn't come with support for the newest standard web security protocol, namely TLS 1.3.
This clears up the problem about whose fault it is and who's to blame since it's nothing Google could have done about it, aside from not upgrading its security standards for the rest of the users. Google itself puts the blame solely on BlueCoat and other web proxy vendors who had been made aware of the upgrade in TLS months ago, but did not prepare accordingly.
Better protection, but not yet supported
TLS, as you know is SSL's trusty successor, protecting everyone as best as possible. In fact, the TLS 1.3 version blocks attacks that worked against the previous 1.2 version, as well as any earlier security protocols. In addition, it helps speed up web connections.
The latest TLS update is a major overhaul bringing both security and speed and it's not really a bit surprise that support is not yet universal.
In fact, TLS 1.3 is currently supported by Firefox, Chrome and Opera, while Apple and Microsoft are working on supporting it in Internet Explorer 11, Edge and Safari. For its part, however, Google decided that its latest update to fully support only TLS 1.3 which is why the problem occurred.
Google and Mozilla predicted this type of TLS decryption problems were going to happen a long time ago given how badly vendors were found to handle TLS inspections. BlueCoat, for instance, blocks the Internet connection when Chrome tries to connect via TLS 1.3 instead of displaying a successful connection.
Read more: Chrome 56 Crypto Upgrade Makes Thousands of Computers Using BlueCoat to Fail