ERR_SSL_VERSION_INTERFERENCE on Chrome

Question

I have a website that uses websocket-sharp for client-server communication and has a certificate issued by Let's Encrypt. Other browsers work, but Google Chrome (on Linux) gives the error ERR_SSL_VERSION_INTERFERENCE in the console. Disabling TLS 1.3 lets users circumvent this error. I am using the latest stable version.

This answer suggests the problem is when Chrome detects "buggy middleware" but I don't know what exactly Chrome is looking for.

Answer 1

This turned out to be a problem with Mono. Mono uses BoringSSL in newer versions but it isn't turned on by default in older versions. On newer Linux distributions you can do export MONO_TLS_PROVIDER=btls but that didn't work for me because the gcc compiler on CentOS 6 (version 4.4) is too old and doesn't support align which is necessary to compile BoringSSL.

First I installed gcc 4.8 with instructions from here: https://gist.github.com/stephenturner/e3bc5cfacc2dc67eca8b

wget -O /etc/yum.repos.d/slc6-devtoolset.repo http://linuxsoft.cern.ch/cern/devtoolset/slc6-devtoolset.repo
sudo yum install devtoolset-2
scl enable devtoolset-2 bash

Then I downloaded the latest release package of mono from their website (currently 5.12.0.226): http://www.mono-project.com/docs/compiling-mono/linux/

wget https://download.mono-project.com/sources/mono/mono-5.12.0.226.tar.bz2
tar xvf mono-5.12.0.226.tar.bz2
cd mono-5.12.0.226
./configure --prefix=/usr/local
make
make install

Just in case, I did export MONO_TLS_PROVIDER=btls too, although I don't think it's necessary, but regardless if you look at the output at the end of ./configure it should tell you if BTLS is enabled.

This also fixed the same problem with recent Firefox update 60.0.0.2.