# Chromium update



## ronaldlees (Feb 5, 2018)

The current www/chromium port version is 61.0 (five months old), but ports should be set to upgrade to www/chromium 62.0 shortly.

I took the plunge, ran version 62.0 on another platform, and noticed that the "most preferred" cipher in the newer browser is something called GREASE.  I have found so little information about this, but it seems it's a test suite to see how many websites break when presented with an unknown ciphersuite and unknown TLS version, and is part of the upgrade cycle to upcoming TLS 1.3.  I imagine that GREASE is entirely a dummy suite, since Chromium 62.0 is still at TLS 1.2, and it couldn't run a TLS 1.3 session.  But, are we just ahead of a looming SSL disaster, and this is a forward looking mitigation?  I'm not trying to be an alarmist, but would like to hear an expert's opinion about TLS 1.3 and GREASE, what they do now and later, and what to expect in the transition.

Edit: _Looks like it's not much to worry about:_

https://tools.ietf.org/html/draft-davidben-tls-grease-01


----------



## scottro (Feb 6, 2018)

I was going to post a photo from the movie and say, NOTHING TO WORRY ABOUT???, but couldn't decide on the best one. 

Meh here's a link to series of pictures from the film.  

https://www.fandango.com/grease1978_256/moviephotosposters and the viewer can choose if it's something to worry about or not.


----------



## drhowarddrfine (Feb 6, 2018)

Upcoming TLS 1.3? Chrome has been running 1.3 since version 56 and Firefox since 52. We've made available TLS 1.3 on our servers for a few months. GREASE is not a cipher suite but I have not read anything about it.


----------



## ronaldlees (Feb 6, 2018)

drhowarddrfine said:


> Upcoming TLS 1.3? Chrome has been running 1.3 since version 56 and Firefox since 52. We've made available TLS 1.3 on our servers for a few months. GREASE is not a cipher suite but I have not read anything about it.



I notice you wrote "Chrome" versus Chromium.  Using the following link, my Chromium-62.0/Raspbian browser shows only up thru TLS 1.2.  Perhaps it's in the build but not enabled by default ...

https://www.ssllabs.com/ssltest/viewMyClient.html


----------



## drhowarddrfine (Feb 6, 2018)

Yes, Chrome. I wanted to state that TLS v1.3 can be used today and it's not something "coming up" unless you meant coming up in chromium.


----------



## cpm@ (Feb 21, 2018)

Chromium has been updated to 63.0.3239.132. Keep in mind that the user agent currently supports TLS 1.2 by default.  AFAIK you can enable TLS 1.3 support in Chrome Canary via chrome://flags. Go to "Maximum TLS version enabled" and select "TLS 1.3".

For further details on the current state of TLS 1.3 in chromium, read

https://www.chromium.org/Home/tls13
https://peter.sh/experiments/chromium-command-line-switches/#tls13-variant
https://bugs.chromium.org/p/chromium/issues/detail?id=630147


----------



## Snurg (Feb 21, 2018)

Thanks also for for fixing Iridium postinstall note!


----------



## drhowarddrfine (Feb 21, 2018)

@cpm I still have the issue with tabs crashing over time. While I see this still listed on bug reports and random user postings, the fact that no one who works on chromium seems to mention it make me wonder if I'm missing something and chromium works normally. Can you clear that up?


----------



## cpm@ (Feb 21, 2018)

drhowarddrfine said:


> @cpm I still have the issue with tabs crashing over time. While I see this still listed on bug reports and random user postings, the fact that no one who works on chromium seems to mention it make me wonder if I'm missing something and chromium works normally. Can you clear that up?



Unfortunately, the tabs crashing issue has not been solved. To fix the nasty bug, I have some ideas to work with. Some of them are based on users feedback but I barely have free time at this time for testing.


----------



## cpm@ (Mar 19, 2018)

Workaround for the _hanging tabs_ issue:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226793


----------



## cpm@ (Aug 14, 2018)

cpm@ said:


> Workaround for the _hanging tabs_ issue:
> 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226793



Update: Some users have reported that the problem of hanging tabs is fixed in r337328.

See PR 212812 for further details or give feedback.


----------

