Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: TLS1.2 connections are getting broken with encryption alert with code 21 but based on RFC 5246 it shouldn't be. #66268

Closed
mramakishore opened this issue Mar 12, 2024 · 3 comments
Closed

crypto/tls: TLS1.2 connections are getting broken with encryption alert with code 21 but based on RFC 5246 it shouldn't be. #66268

mramakishore opened this issue Mar 12, 2024 · 3 comments
Labels
WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.

Comments

@mramakishore
Copy link

Go version

golang 1.18.3

Output of go env in your module/workspace:

[root@dd026df55906 /]# go env
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOENV="/root/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/opt/gopath/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/opt/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/opt/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/opt/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.18.3"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build154115230=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Go lang Rest server with TLS1.2 connections are getting closed abroptly with encrypted alert code 21(decryption_failed_RESERVED), but as per RFC it is not recomended to send such alert code.

What did you see happen?

Connection between client & server is broken, and in pcap we saw alert code 21.

What did you expect to see?

Connection should not be broken, if broken then expected to see appropriate alert code other than 21.
@seankhliao seankhliao changed the title TLS1.2 connections are getting broken with encryption alert with code 21 but based on RFC 5246 it shouldn't be. crypto/tls: TLS1.2 connections are getting broken with encryption alert with code 21 but based on RFC 5246 it shouldn't be. Mar 12, 2024
@bradfitz
Copy link
Contributor

Can you try with Go 1.22?

@cherrymui cherrymui added the WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. label Mar 14, 2024
@cherrymui
Copy link
Member

Go 1.18.3 is pretty outdated and no longer supported. As @bradfitz mentioned, could you try a newer version of Go like Go 1.22? Thanks.

@gopherbot
Copy link

Timed out in state WaitingForInfo. Closing.

(I am just a bot, though. Please speak up if this is a mistake or you have the requested information.)

@gopherbot gopherbot closed this as not planned Won't fix, can't repro, duplicate, stale Apr 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bradfitz @gopherbot @cherrymui @mramakishore