In the last few days we have had several support cases that suspiciously all had the same error description: many web servers can no longer be reached with the Chrome or Edge browser.
In our cases, typically the web filter feature of one of our firewalls was involved. Right now we are still missing a lot of information, but the problem seems to be related to the “TLS 1.3 hybridized Kyber support” feature of Chrome and Edge (both version 124).
This feature adds support for the new quantum-resistant X25519Kyber768 key encapsulation mechanism, which is enabled by default. The result is that the “Client Hello” packet of the TLS 1.3 negotiation gets huge, bigger than the normal MTU, and therefore the packet needs to be fragmented. And this seems to cause some issues.
As a workaround you can disable this feature on your browser:
Chrome: chrome://flags/#enable-tls13-kyber
Edge: edge://flags/#enable-tls13-kyber
Firefox: about:config -> security.tls.enable_kyber
Additional information can be found here: https://tldr.fail/
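To make the size problem concrete, here is an added example (not code from the original post or from any vendor): it builds a minimal TLS 1.3 ClientHello record with and without an X25519Kyber768Draft00 key share, parses the key_share groups back out of a captured record, works out how many TCP segments a record needs at a given MSS, and, as an optional network check in the spirit of tldr.fail, sends a ClientHello split across two TCP segments to a host you own and reports whether a handshake record or alert comes back. The key shares are random filler, so the handshake never completes; the point is the byte sizes. The hybrid share is 1216 bytes (32 bytes X25519 plus the 1184-byte Kyber768 public key); the code point 0x6399 is the draft hybrid group. Note that this stripped-down hello with the hybrid share comes to 1351 bytes, which still fits one 1460-byte segment; a real browser ClientHello carries many more cipher suites and extensions on top, which is what pushes it over.

```python
"""Added example: size and structure of a TLS 1.3 ClientHello with a hybrid
Kyber key share (RFC 8446 wire format). Key material is random filler."""
import os
import socket
import struct
import time

X25519 = 0x001D
X25519_KYBER768_DRAFT00 = 0x6399   # hybrid group offered by default in Chrome/Edge 124
EXT_SERVER_NAME = 0x0000
EXT_SUPPORTED_GROUPS = 0x000A
EXT_SUPPORTED_VERSIONS = 0x002B
EXT_KEY_SHARE = 0x0033
TLS13 = 0x0304


def _ext(ext_type, body):
    """Encode one extension: type(2) || length(2) || body."""
    return struct.pack("!HH", ext_type, len(body)) + body


def build_client_hello(sni, groups):
    """Return a TLS record holding a minimal ClientHello that offers `groups`
    with a random (placeholder) key share for each one."""
    shares = b""
    for g in groups:
        size = 1216 if g == X25519_KYBER768_DRAFT00 else 32  # hybrid share vs plain X25519
        shares += struct.pack("!HH", g, size) + os.urandom(size)
    host = sni.encode()
    sni_list = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    groups_body = struct.pack("!H", 2 * len(groups)) + b"".join(struct.pack("!H", g) for g in groups)
    exts = (_ext(EXT_SERVER_NAME, sni_list)
            + _ext(EXT_SUPPORTED_VERSIONS, b"\x02" + struct.pack("!H", TLS13))
            + _ext(EXT_SUPPORTED_GROUPS, groups_body)
            + _ext(EXT_KEY_SHARE, struct.pack("!H", len(shares)) + shares))
    body = (struct.pack("!H", 0x0303) + os.urandom(32)   # legacy_version, random
            + b"\x00"                                     # empty legacy_session_id
            + b"\x00\x02\x13\x01"                         # one suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                                 # null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def client_hello_groups(record):
    """Parse a ClientHello record; return (record length, key_share groups offered)."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello record")
    p = 5 + 4 + 2 + 32                 # record header, handshake header, version, random
    p += 1 + record[p]                 # legacy_session_id
    p += 2 + struct.unpack("!H", record[p:p + 2])[0]   # cipher_suites
    p += 1 + record[p]                 # compression_methods
    ext_len = struct.unpack("!H", record[p:p + 2])[0]
    p += 2
    end = p + ext_len
    groups = []
    while p < end:
        et, el = struct.unpack("!HH", record[p:p + 4])
        p += 4
        if et == EXT_KEY_SHARE:
            q, qend = p + 2, p + el    # skip client_shares length
            while q < qend:
                g, glen = struct.unpack("!HH", record[q:q + 4])
                groups.append(g)
                q += 4 + glen
        p += el
    return len(record), groups


def segments_needed(record_len, mss=1460):
    """TCP segments a record of this size occupies at the given MSS."""
    return -(-record_len // mss)


def probe_split_client_hello(host, port=443, timeout=5.0):
    """Send a hybrid ClientHello in two TCP segments to a host you control and
    report what comes back: 'handshake', 'alert', 'other' or 'no response'."""
    rec = build_client_hello(host, [X25519_KYBER768_DRAFT00, X25519])
    cut = len(rec) // 2
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
        s.sendall(rec[:cut])
        time.sleep(0.2)                # make the split visible to a middlebox
        s.sendall(rec[cut:])
        try:
            first = s.recv(1)
        except socket.timeout:
            return "no response"
    if not first:
        return "no response"
    return {0x16: "handshake", 0x15: "alert"}.get(first[0], "other")


if __name__ == "__main__":
    for groups in ([X25519], [X25519_KYBER768_DRAFT00, X25519]):
        n, found = client_hello_groups(build_client_hello("example.com", groups))
        print(f"groups={[hex(g) for g in found]} record={n} bytes "
              f"segments@1460={segments_needed(n)}")
```

Run it with no arguments to see the two record sizes; call `probe_split_client_hello("your.host.example")` against a server behind the inspecting firewall to see whether a ClientHello that arrives in two segments still gets a ServerHello (or at least an alert) back, or disappears the way the affected web filters drop it. Point it only at hosts you are responsible for.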
References
Fortinet
Troubleshooting Tip: Web pages not loading or taking too long to load when a web filter is applied
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Web-pages-not-loading-or-taking-too-long-to/ta-p/313958
Technical Tip: Web filter is not blocking websites on Google Chrome
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Web-filter-is-not-blocking-websites-on-Google/ta-p/297956
Palo Alto Networks
Post-Quantum Cryptography Detection and Control
https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/decryption/post-quantum-cryptography-detection-and-control
Known Issue in PAN-OS 11.2.0: PAN-254236: TLSv1.3 hybridized Kyber support in the latest versions of Chrome and Edge browsers results in dropped Client Hello packets when SSL/TLS handshake inspection is enabled.
Workaround: Disable SSL/TLS handshake inspection.
Thanks for this information.
I can confirm this bug, but I have a rather weird (or concerning?) observation:
Right now I am in Türkiye. If I use a personal hotspot connection from my iPhone running iOS 17.4.1 with a local Vodafone TR sim card, the bug essentially prevents any SSL connection for Chromium-based browsers (also Microsoft Edge). Safari works without a problem.
However: If I use a sim card from Telekom.de in roaming, Chrome and Edge open every website via SSL without a problem.
So the provider used to access a server seems to be relevant in this context.
Hello Julian,
The packet size also seems to play a role in this problem. If the packet size is set small enough in the policy (set tcp-mss-receiver and tcp-mss-sender), then this problem does not occur. Apparently the mobile provider sets the packet size smaller accordingly, so it seems to work.
Can confirm as well. Additional steps for FortiGate involve switching from Flow Mode to Proxy Mode for security features.