New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/tls: "bad record MAC" error on TLS Handshake - Go1.2 bug, regression from Go1.1 #7085
Labels
Comments
Comment 1 by manoj.dayaram@moovweb.com: Update, tried these steps with the latest Go code compiled off of +8a7395c26adc and the issue still persists. |
Comment 2 by manoj.dayaram@moovweb.com: Through process of elimination, I've found that the issue was introduced from this commit: https://code.google.com/p/go/source/detail?r=4e008dc85dc8 |
Owner changed to @agl. Status changed to Accepted. |
Comment 4 by manoj.dayaram@moovweb.com: This is a blocking issue for us, and if possible, we would really appreciate a patch that we could apply to our local go1.2 version that would fix the issue. I know that releasing something like Go1.2.1 is out of the question and this fix will most likely go into 1.3, but we'd really appreciate something that we could apply immediately if possible. |
It's a server bug. Specifically it's matching the version number in the RSA PMS with its version, not the client's version. OpenSSL and NSS also fail to connect. It's easy to work around however: you can set MaxVersion in tls.Config to tls.VersionTLS10. If you have any contacts with the server operators however you should really encourage them to update: https://www.ssllabs.com/ssltest/analyze.html?d=clubs2qa.scholastic.com Status changed to WorkingAsIntended. |
Comment 6 by manoj.dayaram@moovweb.com: I see, thanks for the help Adam. That workaround is actually quite useful. We'll see what are options are from there. Thanks again. |
This issue was closed.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
by manoj.dayaram@moovweb.com:
The text was updated successfully, but these errors were encountered: