Search code examples
puppeteerchromiumheadless

Chromium TLS flags ignored when in headless mode

I want to restrict Chromium to use up to TLSv1.2 protocol, according to Chromium source code we can force the TLS versions with some specific flags.

If I run Chromium normally with such flags like 

./Chromium --ignore-certificate-errors --ssl-version-min=tls1 --ssl-version-max=tls1.2 --tlsv1 --tlsv1.1 --tlsv1.2 https://104.17.209.9

Capture without headless mode

I will end up seeing TLSv1.2 handshake as expected. If I run the same command but in headless mode, Chromium ends up using TLSv1.3.

./Chromium --headless --ignore-certificate-errors --ssl-version-min=tls1 --ssl-version-max=tls1.2 --tlsv1 --tlsv1.1 --tlsv1.2 https://104.17.209.9

Capture with headless mode

Why is this happening? Headless mode ignore/disable such flags?

Testing with Chromium 80.0.3987.0 on macOS Catalina 10.15.2 using the version coming with puppeteer 2.1.1

Solution

  • According to this chromium issue:

    The command-line flag is seen as part of our Enterprise configuration options, and I don't believe it's expected that Headless observes Enterprise flags (command-line or those set via Enterprise configuration stores, such as the Registry or Cloud Device Management)