Chrome (v71) ERR_CONNECTION_RESET on Self Signed localhost on Windows 8 Embedded

Question

I run WCF service exposes API on local machine (https://localhost:8080/MyApi), self signed SHA-256 certificate registered on local machine, executed "netsh http add sslcert ipport=0.0.0.0:8080 certhash=... appid=..." and when browsing to https://localhost:8080/MyApi from Chrome it shows ERR_CONNECTION_RESET.

Now the funny part:

1. Works fine with Chrome v41. Happened only after upgrading to Chrome v69 (and same on v71).
2. Browsing from IE works well.
3. Calling the API from PowerShell web-invoke works either.
4. Same everything on Windows 10 works fine.
5. Modifying #allow-insecure-localhost to ENABLED works on Windows 10, but not on Windows 8 Embedded.

After activating chrome logging found this:

{"params":{"net_error":-101,"os_error":10054},"phase":0,"source":{"id":7810,"type":8},"time":"52598608","type":68},
{"params":{"error_lib":33,"error_reason":101,"file":"../../net/socket/socket_bio_adapter.cc","line":154,"net_error":-101,"ssl_error":1},"phase":0,"source":{"id":7810,"type":8},"time":"52598608","type":54},

Additional Chrome logging:

[8652:5036:0107/174231.775:ERROR:ssl_client_socket_impl.cc(1013)] handshake failed; returned -1, SSL error code 1, net_error -101 [8652:5036:0107/174231.793:ERROR:ssl_client_socket_impl.cc(1013)] handshake fail ed; returned -1, SSL error code 1, net_error -101 [8652:5036:0107/174231.795:ERROR:ssl_client_socket_impl.cc(1013)] handshake fail ed; returned -1, SSL error code 1, net_error -101

Do you have any idea how to make Chrome access successfully my WCF localhost server?

Answer 1

How do you publish your wcf service? I would like you could post more details about your service. I followed your steps while could not reproduce your problem. Here is my demo, wish it is useful to you.
Server (Console application,IP: 10.157.13.69).

class Program
    {
        static void Main(string[] args)
        {
            using (ServiceHost sh = new ServiceHost(typeof(MyService)))
            {
              
                sh.Opened += delegate
                {
                    Console.WriteLine("service is ready...");
                };
                sh.Closed += delegate
                {
                    Console.WriteLine("Service is closed");
                };
                sh.Open();
                Console.ReadLine();
                sh.Close();
            }
        }
    }
    [ServiceContract]
    public interface IService
    {
        [OperationContract]
        [WebGet]
        string SayHello();
    } 
    public class MyService : IService
    {
        public string SayHello()
        {
            return $"Hello, busy world\n{DateTime.Now.ToShortTimeString()}";
        }
}

app.config

<system.serviceModel>
    <services>
      <service name="Server6.MyService" behaviorConfiguration="mybeh">
        <endpoint address="" binding="webHttpBinding" contract="Server6.IService" behaviorConfiguration="rest" bindingConfiguration="mybinding" >
        </endpoint>
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"></endpoint>
        <host>
          <baseAddresses>
            <add baseAddress="https://localhost:13060"/>
          </baseAddresses>
        </host>
      </service>
    </services>
    <bindings>
      <webHttpBinding>
        <binding name="mybinding">
          <security mode="Transport">
            <transport clientCredentialType="None"></transport>
          </security>
        </binding>
      </webHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="mybeh">
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"></serviceMetadata>
          <serviceDebug includeExceptionDetailInFaults="true"/>
        </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
        <behavior name="rest">
          <webHttp/>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>

Binding the certificate to the ip port

netsh http add sslcert ipport=0.0.0.0:13060
certhash=6e48c590717cb2c61da97346d5901b260e983850 appid={AA228B95-6613-4D58-9236-2C263AFDF231}

Result. these browser version is all V71.0
Local.

Remote mechine.

Browser.

Feel free to let me know if there is anything I can help with.