• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Chromium update

ronaldlees

Aspiring Daemon

Thanks: 260
Messages: 663

#1
The current www/chromium port version is 61.0 (five months old), but ports should be set to upgrade to www/chromium 62.0 shortly.

I took the plunge, ran version 62.0 on another platform, and noticed that the "most preferred" cipher in the newer browser is something called GREASE. I have found so little information about this, but it seems it's a test suite to see how many websites break when presented with an unknown ciphersuite and unknown TLS version, and is part of the upgrade cycle to upcoming TLS 1.3. I imagine that GREASE is entirely a dummy suite, since Chromium 62.0 is still at TLS 1.2, and it couldn't run a TLS 1.3 session. But, are we just ahead of a looming SSL disaster, and this is a forward looking mitigation? I'm not trying to be an alarmist, but would like to hear an expert's opinion about TLS 1.3 and GREASE, what they do now and later, and what to expect in the transition.

Edit: Looks like it's not much to worry about:

https://tools.ietf.org/html/draft-davidben-tls-grease-01
 

drhowarddrfine

Son of Beastie

Thanks: 818
Messages: 2,608

#3
Upcoming TLS 1.3? Chrome has been running 1.3 since version 56 and Firefox since 52. We've made available TLS 1.3 on our servers for a few months. GREASE is not a cipher suite but I have not read anything about it.
 

ronaldlees

Aspiring Daemon

Thanks: 260
Messages: 663

#4
Upcoming TLS 1.3? Chrome has been running 1.3 since version 56 and Firefox since 52. We've made available TLS 1.3 on our servers for a few months. GREASE is not a cipher suite but I have not read anything about it.
I notice you wrote "Chrome" versus Chromium. Using the following link, my Chromium-62.0/Raspbian browser shows only up thru TLS 1.2. Perhaps it's in the build but not enabled by default ...

https://www.ssllabs.com/ssltest/viewMyClient.html
 

drhowarddrfine

Son of Beastie

Thanks: 818
Messages: 2,608

#5
Yes, Chrome. I wanted to state that TLS v1.3 can be used today and it's not something "coming up" unless you meant coming up in chromium.
 

cpm@

Moderator
Staff member
Moderator
Developer

Thanks: 890
Messages: 2,100

#6

drhowarddrfine

Son of Beastie

Thanks: 818
Messages: 2,608

#8
@cpm I still have the issue with tabs crashing over time. While I see this still listed on bug reports and random user postings, the fact that no one who works on chromium seems to mention it make me wonder if I'm missing something and chromium works normally. Can you clear that up?
 

cpm@

Moderator
Staff member
Moderator
Developer

Thanks: 890
Messages: 2,100

#9
@cpm I still have the issue with tabs crashing over time. While I see this still listed on bug reports and random user postings, the fact that no one who works on chromium seems to mention it make me wonder if I'm missing something and chromium works normally. Can you clear that up?
Unfortunately, the tabs crashing issue has not been solved. To fix the nasty bug, I have some ideas to work with. Some of them are based on users feedback but I barely have free time at this time for testing.
 
Top