Locked

Flash Player 27.0.0.170 - IE Plugin - HTTPS\TLS Sites

Community Beginner ,
Nov 06, 2017 Nov 06, 2017

Copy link to clipboard

Copied

I recently (in the past 2 weeks) deployed Flash Player to our enterprise (10000+ pc's) running Windows 7 enterprise and all on IE 11. We recently have been getting calls regarding HTTPS websites  not displaying showing an error with TLS. Typically resetting IE settings and or closing IE fixes the issue but this all began when we deployed 170 to the machines. Has anyone else seen any issues with sites not displaying after deploying this version of Flash ? We were made aware of the VMWare bug but the subset of users who noticed that are small compared to the number of calls regarding the HTTPS sites not displaying. It seems to have gotten progressively worse as of recent. We deploy the IE add on with auto update DISABLED so our machines would still be at 170 unless Adobe released another silent update similar to the Acrobat pro licensing silent update ~ 6 mos ago.

Views

320

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Nov 07, 2017 Nov 07, 2017

Copy link to clipboard

Copied

There's nothing like this on my radar.  If you have any publicly accessible examples that reproduce the problem, I'd be happy to take a look.  It's also that case that Flash Player doesn't generally throw errors at end users.  If there's a security issue, like we fail to negotiate an HTTPS handshake, or there's a hostname mismatch, we're just going to fail silently.

You might be able to get more information by running a debugger variant of Flash Player on a test machine.

We might be more strict about some SSL configurations that aren't really secure (by virtue of a library update), but anything like this most likely affected 27.0.0.159 and/or before.  Versions 27.0.0.170 and 27.0.0.183 are basically one changelist different from 27.0.0.159, and they didn't touch SSL.

If it's a couple distinct hosts in your network, you might scan their SSL configuration to see if it's reasonable.  If they're depending on a broken algorithm, it's possible that maybe it's disabled by default in current library versions, and we picked that behavior up, but I don't believe that this would be new.

Aside from that, I'd really need an actionable bug report to do much.  We have an extensive TLS test suite, and it's passing.

You can always get the latest Flash Player version information here:

Adobe - Flash Player

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Nov 15, 2017 Nov 15, 2017

Copy link to clipboard

Copied

LATEST

Just curious about whether or not you guys made any headway with this.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines