Problem accessing Splashtop Gateway web console

Following a browser update in early 2024, the hybridized Kyber algorithm under TLS 1.3 was enabled by default in modern browsers, including Google Chrome, Firefox, and Edge (see the table below for details). This change, intended to enhance security, unfortunately led to compatibility issues that affected access to the Splashtop Gateway web console.

 

Affected Browsers

 

| Browser | Windows | Mac | Linux | ChromeOS | Android | iOS |
|---|---|---|---|---|---|---|
| Chrome | Chrome 124 | Chrome 124 | Chrome 124 | Chrome 124 | 10% since Chrome 118 | n/a |
| Firefox | about:config | about:config | about:config | n/a | about:config | n/a |
| Safari | Unavailable | Unavailable | Unavailable | n/a | n/a | Unavailable |

 

Table last updated 2024-05-06


  1. All browsers on iOS internally use WebKit, and so the rollout is dependent on Apple. 

  2. There is no Firefox or Safari for ChromeOS. 

  3. There is no Safari for Android. 

 

Why the Bug?

The Internet is currently transitioning to post-quantum cryptography (PQC), a necessary shift given the potential of future quantum computers to break most existing public-key cryptosystems. This transition aims to secure digital communications against such advanced threats before quantum computers become operational.

The TLS protocol allows a server and client to negotiate cryptographic algorithms based on mutual compatibility. Ideally, servers that do not yet support post-quantum algorithms should ignore these options and default to classical algorithms instead.

The complication arises with TLS ClientHello messages, which are significantly larger when offering post-quantum cryptography than their classical counterparts. This increase in size can result in messages that exceed the single-packet transmission threshold, which breaks the TLS handling mechanism applied in our server.
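The failure class described above, as an added example that is not Splashtop's code: a reader that treats its first read as the whole TLS record handles a classical ClientHello but fails once the hello spans two TCP segments, while a reader that buffers up to the length in the record header handles both. The single-read pattern, the 1460-byte segment size, the 480 bytes of other hello fields, and the key share sizes (32 bytes for X25519, 1216 bytes for the hybrid X25519+Kyber768 share) are assumptions used for illustration.

```python
import struct

MSS = 1460          # assumed TCP payload per segment (typical Ethernet path)
OTHER_FIELDS = 480  # assumed size of the non-key-share part of the hello

def client_hello_record(key_share_bytes):
    """Build a constructed, simplified TLS record sized like a ClientHello."""
    body = bytes(OTHER_FIELDS) + bytes(key_share_bytes)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def segments(data, mss=MSS):
    """Split bytes the way TCP may deliver them: one chunk per segment."""
    return [data[i:i + mss] for i in range(0, len(data), mss)]

def read_record_single_recv(chunks):
    """Fragile pattern: assume the first read contains the whole record."""
    first = chunks[0]
    length = struct.unpack("!H", first[3:5])[0]
    payload = first[5:5 + length]
    if len(payload) != length:
        raise ValueError(f"truncated record: have {len(payload)} of {length} bytes")
    return payload

def read_record_buffered(chunks):
    """Robust pattern: keep reading until the record header's length is satisfied."""
    it = iter(chunks)
    buf = b""
    while len(buf) < 5:              # 5-byte record header: type, version, length
        buf += next(it)
    length = struct.unpack("!H", buf[3:5])[0]
    while len(buf) < 5 + length:     # the record may span several segments
        buf += next(it)
    return buf[5:5 + length]

if __name__ == "__main__":
    # Constructed inputs: X25519 only, then hybrid share plus X25519 share.
    for name, share in (("classical", 32), ("hybrid", 1216 + 32)):
        chunks = segments(client_hello_record(share))
        try:
            single = f"ok, {len(read_record_single_recv(chunks))} bytes"
        except ValueError as exc:
            single = f"FAILED ({exc})"
        buffered = len(read_record_buffered(chunks))
        print(f"{name}: {len(chunks)} segment(s); single read: {single}; "
              f"buffered read: ok, {buffered} bytes")
```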

 

Typical behavior when the bug is hit

When navigating the Splashtop Gateway Web Portal, some pages fail to open with error messages similar to the one below displayed at the bottom of the window.

"Connect to remote server failure!: Http failure response for /api/web/vi/sys/status?info=0: 0 Unknown Error"

 

How to fix the issue

A quick workaround is to disable "TLS 1.3 hybridized Kyber support" in the browser.

Edge browser:

Enter "edge://flags/" in the address bar at the top and look for the option "TLS 1.3 hybridized Kyber support". Change the option from default to disabled and relaunch the browser.

Chrome browser:

Enter "chrome://flags/" in the address bar and press Enter.
Look for the same option, "TLS 1.3 hybridized Kyber support", change it from default to disabled, and relaunch the browser.

 

To completely fix the issue, please upgrade the Splashtop Gateway to the latest v3.28.2. Downloads of the Gateway installer and instructions to perform the upgrade are available in the link below:

Splashtop Gateway v3.28.2

Remember to take a backup of the Splashtop Gateway before performing the upgrade.

 

 
