Our support team has begun to receive sporadic reports of error messages displayed to website visitors using the Chrome browser. Since these reports were only observed on servers that had received the patch, they appear related. Upon further investigation, it was discovered that Microsoft had recently become aware of this issue as well, having updated their security notice with the following:
We are aware of an issue in certain configurations in which TLS 1.2 is enabled by default, and TLS negotiations may fail. When this problem occurs, TLS 1.2 connections are dropped, processes hang (stop responding), or services become intermittently unresponsive. You may also receive an error message ... in the System log in Event Viewer.
Progress on the implementation of the critical Microsoft SChannel update is continuing. We understand that some website users may have a less than optimal experience until Microsoft provides an additional update to adjust for the Chrome browser. In the meantime, the users should use another browser.
We will continue to monitor all updates as they proceed and keep our customers informed.
____________________________________________________
Update, 11/17/2014:
On November 14 the first reports of this issue were made to the Google Chromium Team. You can follow their progress independently by monitoring the issue report on the
Chrome Development forum post.
Managed.com will continue to keep our customers informed on the progress of this issue.
____________________________________________________
Update, 11/18/2014:
As of yesterday, November 17, the Chromium dev team was still actively working the issue. Additional reports had been registered and another Chromium issue report was found to be related and was merged into
one thread. No permanent solution has been presented yet, however there appears to be a work-around in the making.
A handful of tech bloggers have suggested uninstalling the patch, however we believe that they underestimate the potential risks. Again, this issue does not affect Managed.com Linux-based customers and is limited to users who are using the Chrome browser to establish a TLS 1.2 connection with sites on updated Windows servers under certain circumstances.
Managed.com will continue to keep our customers informed on the progress of this issue.
Published: November 15, 2014 at 3:25 PM