Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: TLS Handshake Error #6618

Closed
spuranam opened this issue Oct 18, 2013 · 8 comments
Closed

crypto/tls: TLS Handshake Error #6618

spuranam opened this issue Oct 18, 2013 · 8 comments
Labels
FrozenDueToAge
Milestone
Go1.2

Comments

@spuranam
Copy link 

sample test script that consistently fails with message "remote error: handshake
failure" when complied with Go1.2rc2, where as it works as expected with go 1.1.2

What steps will reproduce the problem?
http://play.golang.org/p/fee_Y8y3mU

What is the expected output?
OS:windows
Arch:amd64
Go Version:go1.1.2

Certificate chain:0
Common Name:www.ehpas.ford.com
Alternate Name:[www.ehpas.ford.com wwwqa.ehpas.ford.com wwwdev.ehpas.ford.com
wwwmg2.ehpas.ford.com wwwqamg2.ehpas.ford.com wwwdevmg2.ehpas.ford.com ehpas.ford.com]
Valid Not Before:2013-03-10 05:18:57 -0400 EDT
================================================================================

Certificate chain:1
Common Name:GlobalSign Organization Validation CA - G2
Alternate Name:[]
Valid Not Before:2011-04-13 06:00:00 -0400 EDT
================================================================================

Certificate chain:2
Common Name:GlobalSign Root CA
Alternate Name:[]
Valid Not Before:1998-09-01 08:00:00 -0400 EDT
================================================================================

What do you see instead?
OS:windows
Arch:amd64
Go Version:go1.2rc2

remote error: handshake failure

Which compiler are you using (5g, 6g, 8g, gccgo)?
6g

Which operating system are you using?
Windows 7 (amd64) and Ubuntu 10.13 (amd64)

Which version are you using?  (run 'go version')
go1.2rc2

Please provide any additional information below.
See discussion at https://groups.google.com/forum/#!topic/golang-dev/M4avsNHMLaw
@rsc
Copy link
Contributor

rsc commented Oct 18, 2013

Comment 1:

Labels changed: added priority-soon, go1.2, removed priority-triage.

Status changed to Accepted.

@alexbrainman
Copy link
Member

Comment 2:

Cannot connect:
# go run main.go
OS:linux
Arch:386
Go Version:devel +d2cb80eac1ac Sat Oct 05 14:15:02 2013 +1000
dial tcp 19.107.1.12:7703: i/o timeout
exit status 1
Please, provided something we can access. Thank you.
Alex

Status changed to WaitingForReply.

@alexbrainman
Copy link
Member

Comment 4:

I don't know enough about SSL. You have to wait for others. I was just going to trace
your program. You can do too - add print here and there ...
Alex

@spuranam
Copy link
Author

Comment 5:

Alex,
I was able reproduce the aforementioned issue with one our public facing
site. I have posted the new code @ http://play.golang.org/p/bdPEe4_QXA

@alexbrainman
Copy link
Member

Comment 6:

Thank you very much. I can see it broken by https://golang.org/cl/10762044/. It
breaks at the very start of negotiation - your server's first packet is error. I don't
know enough about this. Lets wait for agl.
Alex

@agl
Copy link
Contributor

agl commented Oct 21, 2013

Comment 7:

The problem here is that, although the server calculates the handshake hash with SHA256
and doesn't actually need to implementing signing at all, it aborts the connection if
the client only supports SHA256 signatures.
Should be fixed by https://golang.org/cl/15650043/, which is pending review.

Owner changed to @agl.

Status changed to Started.

@agl
Copy link
Contributor

agl commented Oct 21, 2013

Comment 8:

This issue was closed by revision efed6f9.

Status changed to Fixed.

@adg
Copy link
Contributor

adg commented Nov 1, 2013

Comment 9:

This issue was closed by revision d89d72656f60.

@rsc rsc added this to the Go1.2 milestone Apr 14, 2015
@rsc rsc removed the go1.2 label Apr 14, 2015
adg added a commit that referenced this issue May 11, 2015
@adg
[release-branch.go1.2] crypto/tls: advertise support for RSA+SHA1 in …
6cbfe8d 
…TLS 1.2 handshake.

««« CL 15650043 / 29d3ab5ced5a
crypto/tls: advertise support for RSA+SHA1 in TLS 1.2 handshake.

Despite SHA256 support being required for TLS 1.2 handshakes, some
servers are aborting handshakes that don't offer SHA1 support.

This change adds support for signing TLS 1.2 ServerKeyExchange messages
with SHA1. It does not add support for signing TLS 1.2 client
certificates with SHA1 as that would require the handshake to be
buffered.

Fixes #6618.

R=golang-dev, r
CC=golang-dev
https://golang.org/cl/15650043
»»»

R=golang-dev
CC=golang-dev
https://golang.org/cl/20570043
@golang golang locked and limited conversation to collaborators Jun 25, 2016
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
@agl
crypto/tls: advertise support for RSA+SHA1 in TLS 1.2 handshake.
1a11255 
Despite SHA256 support being required for TLS 1.2 handshakes, some
servers are aborting handshakes that don't offer SHA1 support.

This change adds support for signing TLS 1.2 ServerKeyExchange messages
with SHA1. It does not add support for signing TLS 1.2 client
certificates with SHA1 as that would require the handshake to be
buffered.

Fixes golang#6618.

R=golang-dev, r
CC=golang-dev
https://golang.org/cl/15650043
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Go1.2
Development

No branches or pull requests
6 participants
@agl @rsc @spuranam @adg @gopherbot @alexbrainman