MicrosoftEdge / WebView2Feedback

Feedback and discussions about Microsoft Edge WebView2
https://aka.ms/webview2

Duplicate cipher suite in list of supported ciphers Version 110.0.1587.57 (Official build) (64-bit) #3248

Open David-Wells5 opened 1 year ago

David-Wells5 commented 1 year ago

Description: List of supported TLS cipher suites in the Client Hello has a duplicate entry. The same cipher suite is shown twice. There are two entries for Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302).

Version: Version 110.0.1587.57 (Official build) (64-bit) on Windows 10

Repro Steps: Capture a TLS session being established using Wireshark and look at the Client Hello packet.

Screenshots: [Screenshot from 2023-02-28 15-27-42]

Additional context: I tried to attach a pcap of the flow but it seems you don't support that. If I look at the latest Chrome release and do the same thing, it shows only 16 cipher suites in the list, not 17 as Edge is showing, and there are no duplicates. My expectation is that the list in Edge is always the same as in Chrome.

AB#43601242
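
Added example, not part of the original issue and not code from the WebView2 project: a way to check a captured ClientHello for repeated cipher suite IDs without reading the Wireshark list by eye. It assumes the ClientHello fits in a single TLS record; the function names are hypothetical and the sample record is constructed here, not taken from the reporter's capture.

```python
from collections import Counter

# Names from the IANA TLS registry; 0x1302 is the suite named in the report.
NAMES = {0x1301: "TLS_AES_128_GCM_SHA256",
         0x1302: "TLS_AES_256_GCM_SHA384",
         0x1303: "TLS_CHACHA20_POLY1305_SHA256"}

def client_hello_cipher_suites(record: bytes) -> list[int]:
    """Return the cipher suite IDs, in wire order, from one TLS record
    that carries a complete ClientHello (assumption: no fragmentation)."""
    if len(record) < 9 or record[0] != 0x16:           # content type 22 = handshake
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4 or body[0] != 0x01:  # type 1 = ClientHello
        raise ValueError("truncated record or not a ClientHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 2 + 32                                       # legacy_version + random
    if len(hello) < pos + 1:
        raise ValueError("ClientHello too short")
    pos += 1 + hello[pos]                              # skip legacy_session_id
    cs_len = int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    if cs_len == 0 or cs_len % 2 or pos + cs_len > len(hello):
        raise ValueError("bad cipher_suites length")
    return [int.from_bytes(hello[i:i + 2], "big") for i in range(pos, pos + cs_len, 2)]

def duplicate_suites(suites: list[int]) -> dict[int, int]:
    """Map each cipher suite ID that appears more than once to its count."""
    return {s: n for s, n in Counter(suites).items() if n > 1}

def build_sample_record(suites: list[int]) -> bytes:
    """Construct a minimal ClientHello record (zero random, no extensions)."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"         # version, random, empty session id
             + len(cs).to_bytes(2, "big") + cs + b"\x01\x00")  # suites, null compression
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

# Constructed sample: 0x1302 is listed twice, as in the behaviour reported above.
SAMPLE_RECORD = build_sample_record([0x1301, 0x1302, 0x1303, 0x1302, 0xC02B])

if __name__ == "__main__":
    found = client_hello_cipher_suites(SAMPLE_RECORD)
    print(f"{len(found)} cipher suites offered")
    for suite, count in duplicate_suites(found).items():
        print(f"duplicate: {NAMES.get(suite, 'unknown')} (0x{suite:04x}) x{count}")
```

To run it against a real capture, pass the raw bytes of the TLS record that holds the ClientHello to `client_hello_cipher_suites`.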

novac42 commented 1 year ago

Thanks for reaching out. I've assigned this to a dev that can help follow up on this.

David-Wells5 commented 1 year ago

Hi, an additional data point. One of my colleagues was running an older version of Edge and did not see the issue. When he upgraded to the latest version of Edge, he immediately saw the issue, so it seems to be a recent development.

Screenshots attached show the before and after details for Edge and the Wireshark results.

Best regards,
Dave

[Screenshot from 2023-02-28 15-49-12]
[Screenshot from 2023-02-28 15-59-58]

David-Wells5 commented 1 year ago

Had a chance to check this on a system running Windows 11 this morning and see the same thing. Details in the screenshots below: Initially, update for Windows 11 was showing an available Cumulative update. I checked to see if the problem was there without installing the update and then I checked again after installing the update. Problem seen both before and after.

[Screenshot 2023-03-01 104704]
Above shows system status at start.

[Screenshot 2023-03-01 110622]
Above shows Wireshark capture showing 17 cipher suites in the list with the duplicate present.

[Screenshot 2023-03-01 112040]
Above shows the Edge version running on the system.

[Screenshot 2023-03-01 113211]
Above shows system status after applying cumulative update.

[Screenshot 2023-03-01 113526]
Above shows Wireshark result after cumulative update.

LiangTheDev commented 1 year ago

Thanks for reporting the issue. I've created an internal bug for this.