Description
What version of Go are you using (go version
)?
$ go version go version devel +006a5e7d00 Thu Jan 17 01:28:22 2019 +0000 darwin/amd64
Just spent too much time tracking down a bug in our code that was reported by the servers as "tls: internal error" but was actually not an internal error at all.
The offending line is handshake_server_tls13.go:636:
sig, err := hs.cert.PrivateKey.(crypto.Signer).Sign(c.config.rand(), h.Sum(nil), signOpts) if err != nil { c.sendAlert(alertInternalError) return errors.New("tls: failed to sign handshake: " + err.Error()) }
The real error is this:
crypto/rsa: key size too small for PSS signature
It is a 1.3-specific problem; our code worked with TLS 1.2 and we spent a long time trying to figure out what the actual problem was. I ended up hacking crypto/tls to report the actual errors when reporting an internal one just to find out where this was happening (there are about 50 appearances of alertInternalError
in the code). Once I found where the problem was, it was easy to fix - just increase our key size - but it was certainly not an internal error, and calling it one made it much harder to figure out our problem.
I think that instead of alerting with the special alert type, it should be alerting with the error. To do this would require minor changes to the alert mechanism so that c.sendAlert accepts the error type rather than the custom alert type.
Given that this particular problem was triggered by a change from 1.2 to 1.3 (I surmise), others might have similar problems. It might be prudent to address this as part of 1.12, which introduces 1.3 as the default.