crypto/tls: DialWithDialer using "server name" or "IP literal" provide different results #29474
Comments
If you try the same with curl, you will get the same error.
Hello @andymacau853, thank you for filing this issue and welcome to the Go project! Indeed, as @fraenkel beat me to (was boarding a plane and had to shut down), you'll get the same error using curl

```
$ curl -i https://118.163.120.170
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 118.163.120.170:443
```

while with the name

```
$ curl -i https://www.globaltrust.com.tw
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/8.5
Set-Cookie: ASPSESSIONIDASHRRDAR=NNDNBNHBDBCNPOJMNILMEIOM; secure; path=/
Date: Wed, 02 Jan 2019 09:59:58 GMT
Content-Length: 87391
```

I could speculate about what's going on but I am not an expert at TLS so I'll page @FiloSottile @bradfitz @agl to help out.
The server is rejecting connections without Server Name Indication, which is set automatically when you use a hostname, but can't be when you use an IP. If you add
Because I must use an IP to dial with TLS, does anyone have a solution for the above? Or is this a Go bug?
You can use a pack of net.Dialer.DialContext, tls.Client and tls.Conn.Handshake instead of tls.DialWithDialer. If you need more help, please use more appropriate forums, e.g., https://github.com/golang/go/wiki/Questions, thanks.
@andymacau853 apparently you need to set ServerName in tls.Config for this server.
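An added example, not code from this thread or from the Go project: a local stand-in for a server that rejects handshakes without SNI, dialed by IP with net.Dialer.DialContext, tls.Client and Handshake as suggested above, once with the IP literal as ServerName and once with a hostname. The helper names and the use of net/http/httptest with its built-in test certificate (which covers example.com) are assumptions of this example.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// newSNIOnlyServer starts a local server (constructed for this example) that aborts handshakes lacking SNI.
func newSNIOnlyServer() *httptest.Server {
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = &tls.Config{GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		if h.ServerName == "" {
			return nil, fmt.Errorf("no SNI in ClientHello")
		}
		return nil, nil // nil config: keep using srv.TLS
	}}
	srv.StartTLS()
	return srv
}

// handshake dials the IP literal in addr over TCP, then runs TLS with serverName.
func handshake(addr, serverName string, roots *x509.CertPool) error {
	var d net.Dialer
	raw, err := d.DialContext(context.Background(), "tcp", addr)
	if err != nil {
		return err
	}
	defer raw.Close()
	return tls.Client(raw, &tls.Config{ServerName: serverName, RootCAs: roots}).Handshake()
}

// demo returns the handshake error for ServerName = IP literal and for ServerName = hostname.
func demo() (ipErr, nameErr error) {
	srv := newSNIOnlyServer()
	defer srv.Close()
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())
	addr := srv.Listener.Addr().String()
	ip, _, _ := net.SplitHostPort(addr)
	// crypto/tls never sends an IP literal as SNI, so the first call reproduces the failure.
	// "example.com" is a name in httptest's built-in certificate, so verification stays on.
	return handshake(addr, ip, roots), handshake(addr, "example.com", roots)
}

func main() { fmt.Println(demo()) }
```

Certificate verification stays enabled in both calls; only the name sent in the ClientHello and checked against the certificate changes.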
What version of Go are you using (go version)?
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (go env)?
What did you do?
The below code response: Connection success: 118.163.120.170:443
The below code response: Connection error: read tcp 192.168.220.222:57388->118.163.120.170:443: wsarecv: An existing connection was forcibly closed by the remote host.
In fact, www.globaltrust.com.tw is 118.163.120.170, so why are the results different when using the domain or the real IP?
What did you expect to see?
Both pieces of code should connect to the remote successfully, no matter whether using the domain or the real IP.
What did you see instead?
Only this web site has the issue that it fails to connect to the remote when using a real IP.