crypto/tls: no cipher suite supported by both client and server #23330

Closed
chowyu08 opened this issue Jan 4, 2018 · 3 comments
@chowyu08 chowyu08 commented Jan 4, 2018

What version of Go are you using (go version)?

golang1.9.2

Does this issue reproduce with the latest release?

tls error: with no cipher suite supported by both client and server

What operating system and processor architecture are you using (go env)?

broker: ubuntu16.04
device: no system

What did you do?

I run an MQTT broker with TLS, written in Go, for devices to connect to.
Listener code:

```go
l, err = tls.Listen("tcp", addr, b.TLSConfig)
```

Result:
paho mqtt client, mosquitto_sub and mosquitto_pub were OK, but the device failed with the error "no cipher suite supported by both client and server".

But when I use the same certs with the mosquitto broker, the device connects successfully.

What did you expect to see?

Wireshark capture at the broker written in Go:

mosquitto client packet:
[image]

device packet:
[image]

The device is missing some extensions, but mosquitto can accept the connection; my broker was wrong.

@bradfitz bradfitz changed the title golang tls: no cipher suite supported by both client and server crypto/tls: no cipher suite supported by both client and server Jan 4, 2018
@bradfitz bradfitz commented Jan 4, 2018

What is "device"?

@bradfitz bradfitz added this to the Go1.11 milestone Jan 4, 2018
@chowyu08 chowyu08 commented Jan 4, 2018

@bradfitz "device" is a micro machine with firmware that supports the MQTT protocol and can connect to the network.

I added HAProxy in front of my broker written in Go; TLS validation succeeds and the device connects successfully.

@bradfitz bradfitz commented Jan 4, 2018

Your screenshot shows your device offering 85 cipher suites. Which ones?

The error you cited was "no cipher suite supported by both client and server", so apparently there's no overlap between what the server is offering and what your device supports.

You can probably change your server's *tls.Config to offer more cipher suites, but you'll need to figure out which ones your device supports.

It doesn't look like there's a Go bug here. You just need to configure your program to match what your device supports, which might be old & insecure.

@bradfitz bradfitz closed this Jan 4, 2018
@golang golang locked and limited conversation to collaborators Jan 4, 2019
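
Added example (not part of the issue thread or of the Go project's code): one way to answer "Which ones?" from the server side, by logging what each ClientHello offers through `GetConfigForClient` and sorting the IDs by whether crypto/tls lists them. It assumes Go 1.14 or later, where `tls.CipherSuites` and `tls.InsecureCipherSuites` exist; `classify` and `withHelloLogging` are hypothetical helper names and the sample offer is constructed.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"log"
)

// classify splits the cipher suite IDs offered in a ClientHello into suites
// crypto/tls lists in CipherSuites, suites it lists only in
// InsecureCipherSuites, and IDs that appear in neither list.
func classify(offered []uint16) (secure, insecure []string, unlisted []uint16) {
	sec, insec := map[uint16]string{}, map[uint16]string{}
	for _, s := range tls.CipherSuites() {
		sec[s.ID] = s.Name
	}
	for _, s := range tls.InsecureCipherSuites() {
		insec[s.ID] = s.Name
	}
	for _, id := range offered {
		if name, ok := sec[id]; ok {
			secure = append(secure, name)
		} else if name, ok := insec[id]; ok {
			insecure = append(insecure, name)
		} else {
			unlisted = append(unlisted, id)
		}
	}
	return secure, insecure, unlisted
}

// withHelloLogging returns a copy of cfg (assumed non-nil) that logs every
// client's offer. Returning (nil, nil) from the hook keeps cfg in effect.
func withHelloLogging(cfg *tls.Config) *tls.Config {
	c := cfg.Clone()
	c.GetConfigForClient = func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		sec, insec, unl := classify(h.CipherSuites)
		log.Printf("ClientHello %v: listed=%v insecure=%v unlisted=%#x curves=%v",
			h.Conn.RemoteAddr(), sec, insec, unl, h.SupportedCurves)
		return nil, nil
	}
	return c
}

func main() {
	// Constructed offer (not the device's): RC4-SHA, ECDHE-RSA-AES128-GCM, DHE-RSA-AES256-SHA.
	offered := []uint16{0x0005, 0xc02f, 0x0039}
	fmt.Println(classify(offered))
}
```

With the listener from the report this would be `tls.Listen("tcp", addr, withHelloLogging(b.TLSConfig))`. Suites reported as insecure are generally off by default and have to be named in `Config.CipherSuites` before the server will negotiate them.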