crypto/tls: remote error: handshake failure #9446
Comments
If the server requires a client certificate, have you set your tlsconfig?

```go
cert, err := tls.LoadX509KeyPair(eppConfig.crtPath, eppConfig.keyPath)
```
Reproducing script:

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
)

// resolve dials u ("host:port") over TCP, runs a TLS handshake on the
// connection and prints the handshake result.
func resolve(u string) {
	dialer := new(net.Dialer)
	rawConn, err := dialer.Dial("tcp", u)
	if err != nil {
		fmt.Println("failed to dial: ", err.Error())
		return
	}
	// InsecureSkipVerify turns off certificate verification; this script
	// only looks at the result of the handshake itself.
	config := &tls.Config{InsecureSkipVerify: true}
	conn := tls.Client(rawConn, config)
	fmt.Println(u, conn.Handshake())
	conn.Close()
}

func main() {
	failingUrls := []string{
		"www.vineclient.com:443",
		"www.freespeech.org:443",
		"www.visa.go.kr:443",
		"pressroom.turner.com:443",
		"robertsspaceindustries.com:443",
	}
	for _, u := range failingUrls {
		resolve(u)
	}
}
```
Reproducing script using an http client directly:

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"time"
)

// resolve issues a GET for u and prints the response status or the error.
func resolve(u string) {
	transport := &http.Transport{
		MaxIdleConnsPerHost: 250,
		TLSClientConfig: &tls.Config{
			// Certificate verification is off; only the handshake matters here.
			InsecureSkipVerify: true,
		},
	}
	client := http.Client{
		Transport: transport,
		Timeout:   15 * time.Second,
	}
	resp, err := client.Get(u)
	if err != nil {
		fmt.Println(u, err)
		return
	}
	// Close the body so the connection is released.
	defer resp.Body.Close()
	fmt.Println(u, resp.Status)
}

func main() {
	failingUrls := []string{
		"https://www.vineclient.com",
		"https://www.freespeech.org",
		"https://www.visa.go.kr",
		"https://pressroom.turner.com",
		"https://robertsspaceindustries.com",
	}
	for _, u := range failingUrls {
		resolve(u)
	}
}
```
www.vineclient.com:443 seems to only accept TLS_DHE_* ciphersuites. These ciphersuites are not available in crypto/tls.
@agl, should crypto/tls return more details than just "remote error: handshake failure"?
"remote error: handshake failure" means that the peer sent us a numeric error code that means "handshake error". In this case we don't have any additional information to return even if we wanted to.
It doesn't sound like there's much we can do about this.
Well, the problem seems to be a difference in supported ciphersuites between the client and the server (see @ebfe's comment above). It might get solved once the missing ciphersuites are available in crypto/tls.
go 1.5 test ok
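The behaviour discussed in the comments above (a suite mismatch reaches the client only as the peer's alert, while the reason is known only on the server side) can be reproduced offline with the following added example, which is not code from this issue or from the Go project. It assumes two ECDHE suites that crypto/tls does implement as stand-ins for the DHE-only servers; `handshake` and `example.test` are names chosen here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// handshake (hypothetical helper) builds a constructed self-signed certificate, runs an
// in-memory handshake with one allowed suite per side, and returns each side's error.
func handshake(clientSuite, serverSuite uint16) (clientErr, serverErr error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return err, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return err, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	c, s := net.Pipe()
	defer func() { c.Close(); s.Close() }()
	// Config.CipherSuites only governs TLS 1.0-1.2, so cap the version at 1.2.
	srv := tls.Server(s, &tls.Config{MaxVersion: tls.VersionTLS12, CipherSuites: []uint16{serverSuite},
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}})
	cli := tls.Client(c, &tls.Config{MaxVersion: tls.VersionTLS12, CipherSuites: []uint16{clientSuite},
		RootCAs: roots, ServerName: "example.test"})
	done := make(chan error, 1)
	go func() { done <- srv.Handshake() }()
	clientErr = cli.Handshake()
	return clientErr, <-done
}

func main() {
	cErr, sErr := handshake(tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
	fmt.Printf("client sees: %v\nserver sees: %v\n", cErr, sErr)
}
```

With the same suite on both sides, `handshake` returns nil for both errors, which isolates the suite mismatch as the cause.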
go version: 1.4
Connecting to the server with SSL gives the error message "remote error: handshake failure".
code:

```go
ipConn, err := net.DialTCP("tcp", ladd, radd)
conn := tls.Client(ipConn, tlsconfig)
hsErr := conn.Handshake()
```

Using openssl is OK:

```
openssl s_client -connect ote1.dotasia.net:700 -cert certs/crt -key certs/key -showcerts -state
```