Chrome on Mac returns ERR_SSL_PROTOCOL_ERROR for any 1password.com urls

When I try to access any 1password urls on Macbook Pro (OSX 10.11.6) Chrome (74.0.3729.169), including my vault and the main website, I see

This site can’t provide a secure connection 1password.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

Same at home and work. No problem for coworker on work network. No problem on iPhone Chrome on work network.

Work IT staff poked around and then recommended I contact you for troubleshooting tips.


1Password Version: Not Provided
Extension Version: 1.15.2
OS Version: OSX 10.11.6
Sync Type: Not Provided
Referrer: forum-search:SSL protocol error chrome

Comments

  • BenBen AWS Team

    Team Member

    Hi @blinnro,

    Can you please check that the date, time, and timezone are set correctly on your Mac? SSL is sensitive to issues with time, and so it is important that the time be pretty close to exact. You can reference https://time.is/

    Ben

  • Hi! Thanks for the suggestion. I did check and date/time/zone are set correctly (+/- 0.015s).

  • BenBen AWS Team

    Team Member

    @blinnro

    Thanks for checking. Are you using a proxy server or VPN to connect to the internet on this Mac?
    Do you have any firewall, anti-virus, or "internet security" software installed?

    Ben

  • I'm checking with the IT folks about proxies, VPN, and firewall. I don't think this mac is using any of those. I do know our school district uses lightspeed web filtering and there is a program called "Sophos Anti-Virus" installed on my machine.
    Thanks,
    Christopher

  • BenBen AWS Team

    Team Member

    I suspect the filtering is the problem. Looking at Lightspeed's website one of the things they advertise is "decrypt SSL without proxy." That will most likely interfere with the ability to establish a secure connection to 1Password.

    Ben

  • Ok, Thanks! I'll take that back to the IT folks and see what they can do.

  • BenBen AWS Team

    Team Member

    Great. Please let us know what you find out. It would be good to know if there is indeed some sort of incompatibility with Lightspeed, and if so if there are any options to remedy that.

    Ben

  • Our network administrator changed local lightspeed settings to allow all connections to 1password.com URLs. That seems to have done the trick. I guess the only thing I'm left wondering is why the Chrome error didn't show the LightSpeed filter page, but that' is outside the scope of this ticket for my purposes.
    Thanks for the help!
    Christopher

  • BenBen AWS Team

    Team Member

    Thanks for the update. Good to know that Lightspeed was indeed the cause and that there is a way to work around it. If there is anything else we can do, please don't hesitate to contact us.

    Ben

  • gazugazu

    @blinnro

    I guess the only thing I'm left wondering is why the Chrome error didn't show the LightSpeed filter page

    1Password have Strict Transport Security (including forced SSL) enabled on their servers which means rogue connections will be terminated prematurely.

    By doing this it stops an attacker receiving any information whereas corporate SSL intercept systems normally just replace the certificate with one of their own meaning most unfiltered webpages will still appear but the administrator can see everything. 1Password's solution stops the administrator seeing anything other than a failed connection.

    You'll only see the LightSpeed alert page when there's an arbitrary failure (e.g. specific blocked content).

  • brentybrenty

    Team Member

    Indeed, a popular attack on TLS is to negotiate a downgrade to a lower version or SSL which has vulnerabilities that can be exploited. So to avoid a whole class of person-in-the-middle attacks against 1Password users, we reject those connections instead of falling prey to that. If 1Password can't be used securely (i.e. on an unsafe network decrypting your traffic, or a public computer that someone else controls) it should not be used at all.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file