crypto/tls: remote error: handshake failure #8608

Closed
gopherbot opened this issue Aug 28, 2014 · 2 comments

@gopherbot

by webluoye:

What does 'go version' print?

go version go1.3.1 linux/amd64

What steps reproduce the problem?

remote error: handshake failure
Using the tls package to connect to orgrfcote1.publicinterestregistry.net:700 does not succeed.
Error message: remote error: handshake failure
When using Go 1.2, it can connect successfully.
Go code:

        package main

        import (
                "crypto/tls"
                "fmt"
                "log"
                "net"
                "os"
        )

        func main() {
                // Load the client certificate and key presented to the server.
                cert, err := tls.LoadX509KeyPair("my.ename.cn.crt", "my.ename.cn.key")
                if err != nil {
                        log.Fatalf("server: loadkeys: %s", err)
                }
                // ClientAuth is only consulted on the server side; InsecureSkipVerify
                // turns off verification of the server certificate.
                config := tls.Config{
                        Certificates:       []tls.Certificate{cert},
                        ClientAuth:         tls.VerifyClientCertIfGiven,
                        InsecureSkipVerify: true}
                ladd, lerr := net.ResolveTCPAddr("tcp", "192.168.200.53:0")
                if lerr != nil {
                        log.Fatalf("local addr: %s", lerr)
                }
                radd, rerr := net.ResolveTCPAddr("tcp", "orgrfcote1.publicinterestregistry.net:700")
                if rerr != nil {
                        log.Fatalf("server addr: %s", rerr)
                }
                // Check the dial error before wrapping the TCP connection in TLS.
                ipConn, err := net.DialTCP("tcp", ladd, radd)
                if err != nil {
                        log.Fatalf("client DialTCP: %s", err)
                }
                conn := tls.Client(ipConn, &config)
                defer conn.Close()
                hsErr := conn.Handshake()
                if hsErr != nil {
                        fmt.Printf("Client connected to: %v\n", conn.RemoteAddr())
                        fmt.Printf("%s", hsErr)
                        os.Exit(0)
                } else {
                        fmt.Printf("Client connected to: %v\n", conn.RemoteAddr())
                        fmt.Printf("Cert Checks OK\n")
                }
        }

result:
2014/08/28 15:07:15 client: connected to:  66.199.183.31:700
Client connected to: 66.199.183.31:700
remote error: handshake failure
---------------------------------------------------------------------------------------------------------
Using Node.js works.
Code:

        var tls = require('tls');
        var fs = require('fs');

        // rejectUnauthorized: false turns off verification of the server certificate.
        var options = {
                rejectUnauthorized: false,
                port: 700,
                host: 'orgrfcote1.publicinterestregistry.net',
                key: fs.readFileSync('my.ename.cn.key'),
                cert: fs.readFileSync('my.ename.cn.crt')
        };

        var cleartextStream = tls.connect(options, function() {
                console.log('client connected',
                        cleartextStream.authorized ? 'authorized' : 'unauthorized');
        });
        cleartextStream.setEncoding('utf8');
        cleartextStream.on('data', function(data) {
                console.log(data);
                console.log(cleartextStream.remoteAddress + ":" + cleartextStream.remotePort);
        });
        cleartextStream.on('end', function() {
                // The original called server.close(), but no `server` is defined here.
                cleartextStream.end();
        });

result:
client connected authorized
�g<?xml version='1.0' encoding='UTF-8'?>
<epp xmlns='urn:ietf:params:xml:ns:epp-1.0'
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xsi:schemaLocation='urn:ietf:params:xml:ns:epp-1.0
epp-1.0.xsd'><greeting><svID>Redwood EPP
Server</svID><svDate>2014-08-28T07:09:31.0Z</svDate><svcMenu><version>1.0</version><lang>en-US</lang><objURI>urn:ietf:params:xml:ns:domain-1.0</objURI><objURI>urn:ietf:params:xml:ns:host-1.0</objURI><objURI>urn:ietf:params:xml:ns:contact-1.0</objURI><svcExtension><extURI>urn:afilias:params:xml:ns:oxrs-1.1</extURI><extURI>urn:ietf:params:xml:ns:rgp-1.0</extURI><extURI>urn:afilias:params:xml:ns:idn-1.0</extURI><extURI>urn:afilias:params:xml:ns:trademark-1.0</extURI><extURI>urn:ietf:params:xml:ns:secDNS-1.1</extURI><extURI>urn:ietf:params:xml:ns:launch-1.0</extURI></svcExtension></svcMenu><dcp><access><personal/></access><statement><purpose><admin/><other/></purpose><recipient><unrelated/><ours><recDesc>Public
Interest
Registry</recDesc></ours><public/></recipient><retention><legal/></retention></statement><expiry><relative>P10Y0M0DT0H0M0.0S</relative></expiry></dcp></greeting></epp>
66.199.183.31:700
@gopherbot gopherbot added the new label Aug 28, 2014
@wheelcomplex
Contributor

In my case, this is caused by the remote server not supporting TLS version renegotiation.

Try the following config; I hope it helps:

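        // Pin the handshake to TLS 1.0 only; InsecureSkipVerify turns off
        // verification of the server certificate.
        config := tls.Config{
                InsecureSkipVerify: true,
                MinVersion:         tls.VersionTLS10,
                MaxVersion:         tls.VersionTLS10,
        }
        transport := &http.Transport{
                TLSClientConfig: &config,
        }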

ref:
#5742
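
A diagnostic for the situation discussed in this thread, added here as an example and not code from the issue, its commenters or the Go project: instead of guessing which version to pin, it attempts one handshake per protocol version and reports which ones the peer accepts, with certificate verification left on. The local TLS 1.2-only peer built with `httptest` and the helper names `probeVersions` and `newTLS12OnlyServer` are assumptions made for the demonstration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http/httptest"
)

// versions lists every protocol version crypto/tls can be pinned to.
var versions = []uint16{tls.VersionTLS10, tls.VersionTLS11, tls.VersionTLS12, tls.VersionTLS13}

// probeVersions performs one handshake per protocol version, pinning
// MinVersion and MaxVersion to the same value each time, and returns the
// handshake error (nil on success) keyed by version. Certificate
// verification stays enabled: roots is the trust store for the peer.
func probeVersions(addr string, roots *x509.CertPool) map[uint16]error {
	results := make(map[uint16]error)
	for _, v := range versions {
		cfg := &tls.Config{RootCAs: roots, MinVersion: v, MaxVersion: v}
		conn, err := tls.Dial("tcp", addr, cfg) // Dial also runs the handshake
		if err == nil {
			conn.Close()
		}
		results[v] = err
	}
	return results
}

// newTLS12OnlyServer starts a constructed local test peer that accepts
// TLS 1.2 only, standing in for a server that rejects other versions.
func newTLS12OnlyServer() (*httptest.Server, *x509.CertPool) {
	srv := httptest.NewUnstartedServer(nil)
	srv.TLS = &tls.Config{MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12}
	srv.StartTLS()
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate()) // trust only the test server's certificate
	return srv, roots
}

func main() {
	srv, roots := newTLS12OnlyServer()
	defer srv.Close()
	res := probeVersions(srv.Listener.Addr().String(), roots)
	for _, v := range versions {
		fmt.Printf("0x%04x -> %v\n", v, res[v])
	}
}
```

Against a real endpoint, pass its address and the appropriate trust store to `probeVersions`; the versions whose entry is `nil` are the ones that endpoint completes a handshake with.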

@bradfitz bradfitz removed the new label Dec 18, 2014
@mikioh mikioh changed the title tls: remote error: handshake failure crypto/tls: remote error: handshake failure Jan 13, 2015
@rsc rsc added this to the Go1.5Maybe milestone Apr 10, 2015
@rsc
Contributor

rsc commented Jul 14, 2015

Sounds like a dup of #5742.

@rsc rsc closed this as completed Jul 14, 2015
@golang golang locked and limited conversation to collaborators Jul 13, 2016