crypto/tls: no cipher suite supported by both client and server #23330

Closed
chowyu08 opened this issue Jan 4, 2018 · 3 comments
Labels
FrozenDueToAge WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.

chowyu08 commented Jan 4, 2018

What version of Go are you using (go version)?

golang1.9.2

Does this issue reproduce with the latest release?

tls error: with no cipher suite supported by both client and server

What operating system and processor architecture are you using (go env)?

broker: ubuntu16.04
device: no system

What did you do?

I run an MQTT broker with TLS, written in Golang, for devices to connect to.
Listener code:
l, err = tls.Listen("tcp", addr, b.TLSConfig)

Result:
paho mqtt client, mosquitto_sub and mosquitto_pub were OK, but the device failed with the error "no cipher suite supported by both client and server".

But when I use the same certs with the mosquitto broker, the device connects successfully.

What did you expect to see?

Wireshark messages at the broker written in Golang:
mosquitto client package: [image]

device package: [image]

The device is missing some extensions, but mosquitto can accept the connection; my broker was wrong.

@bradfitz changed the title from "golang tls: no cipher suite supported by both client and server" to "crypto/tls: no cipher suite supported by both client and server" Jan 4, 2018

bradfitz (Contributor) commented Jan 4, 2018

What is "device"?

@bradfitz bradfitz added this to the Go1.11 milestone Jan 4, 2018
@bradfitz bradfitz added the WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. label Jan 4, 2018
chowyu08 (Author) commented Jan 4, 2018

@bradfitz "device" is a micro machine with firmware that supports the MQTT protocol and can connect to the network.

I added HAProxy in front of my broker written in Golang; TLS validation succeeds and the device connects successfully.

bradfitz (Contributor) commented Jan 4, 2018

Your screenshot shows your device offering 85 cipher suites. Which ones?

The error you cited was "no cipher suite supported by both client and server", so apparently there's no overlap between what the server is offering and what your device supports.

You can probably change your server's *tls.Config to offer more cipher suites, but you'll need to figure out which ones your device supports.

It doesn't look like there's a Go bug here. You just need to configure your program to match what your device supports, which might be old & insecure.

@bradfitz bradfitz closed this as completed Jan 4, 2018
@golang golang locked and limited conversation to collaborators Jan 4, 2019
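
One way to answer the "Which ones?" question from the server side, as an added example that is not part of the original thread or of Go's own code: a `GetConfigForClient` hook logs the cipher suites in each ClientHello and their overlap with the server's configured list. The helper names, the explicitly set `CipherSuites` list and the sample client offer are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"log"
)

// names maps cipher suite IDs to names; IDs crypto/tls does not know come back as hex.
func names(ids []uint16) []string {
	out := make([]string, 0, len(ids))
	for _, id := range ids {
		out = append(out, tls.CipherSuiteName(id))
	}
	return out
}

// shared returns the IDs in offered that also appear in enabled, in the client's order.
func shared(offered, enabled []uint16) []uint16 {
	set := make(map[uint16]bool, len(enabled))
	for _, id := range enabled {
		set[id] = true
	}
	var out []uint16
	for _, id := range offered {
		if set[id] {
			out = append(out, id)
		}
	}
	return out
}

// withOfferLogging returns a copy of cfg that logs every ClientHello's suite offer and
// its overlap with cfg.CipherSuites. Use: tls.Listen("tcp", addr, withOfferLogging(cfg)).
func withOfferLogging(cfg *tls.Config) *tls.Config {
	c := cfg.Clone()
	c.GetConfigForClient = func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		log.Printf("client offers %d suites: %v", len(h.CipherSuites), names(h.CipherSuites))
		log.Printf("overlap with configured suites: %v", names(shared(h.CipherSuites, cfg.CipherSuites)))
		return nil, nil // nil config: the handshake continues with c unchanged
	}
	return c
}

func main() {
	// Constructed values, not from the issue: a server list and an RSA/CBC-only client offer.
	cfg := &tls.Config{CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}}
	hello := &tls.ClientHelloInfo{CipherSuites: []uint16{0x002F, 0x0035}}
	withOfferLogging(cfg).GetConfigForClient(hello) // logs an empty overlap
}
```

The overlap is computed against `cfg.CipherSuites`, so set that list explicitly; with it left nil the hook reports an empty overlap even when Go's defaults would match.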