Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/net/http2: Required ciphers error message is confusing #34776

Open
scottmmjackson opened this issue Oct 8, 2019 · 2 comments

Comments

@scottmmjackson
Copy link

commented Oct 8, 2019

What version of Go are you using (go version)?

$ go version
go version go1.12.10 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/root/go"
GOPROXY=""
GORACE=""
GOROOT="/usr/local/go"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build134947043=/tmp/go-build -gno-record-gcc-switches"

What did you do?

In cipher customization code, included TLS_AES_128_GCM_SHA256 in CipherSuites member to a tls.Config struct, which was subsequently passed to http.Server and ListenAndServeTLS()

What did you expect to see?

Proper startup

What did you see instead?

http2: TLSConfig.CipherSuites is missing an HTTP/2-required AES_128_GCM_SHA256 cipher.

What the test actually wants is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. I imagine that prior to the introduction of TLS_AES_128_GCM_SHA256 this error message was less ambiguous. However, it is now misleading.

@andybons

This comment has been minimized.

Copy link
Member

commented Oct 10, 2019

@andybons andybons added this to the Unplanned milestone Oct 10, 2019
@bradfitz bradfitz self-assigned this Oct 10, 2019
@gopherbot

This comment has been minimized.

Copy link

commented Oct 10, 2019

Change https://golang.org/cl/200317 mentions this issue: http2: make CipherSuites validation error more verbose

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.