Description
What version of Go are you using (go version)?
$ go version
go version go1.13.5 linux/amd64
Does this issue reproduce with the latest release?
yes
What operating system and processor architecture are you using (go env)?
amd64/linux
What did you do?
I am unable to renegotiate successfully using TLS 1.2 to a Go server I wrote. https://play.golang.org/p/Q39eh8PVAOP. After starting the server, I connect using openssl:
openssl s_client -connect 172.16.28.75:10000 -tls1_2
Following a successful handshake, and some test messages going through, I start a renegotiation by sending R in the openssl client session. The renegotiation fails because the Go server expects a helloRequestMessage as the first message in the renegotiation while the openssl client sends a clientHelloMessage as the first message in the renegotiation.
What did you expect to see?
A successful renegotiation as demonstrated when running the same server using openssl s_server -key /home/vagrant/easy-rsa/easyrsa3/pki/private/server.key -cert /home/vagrant/easy-rsa/easyrsa3/pki/issued/server.crt -accept 10000.
And output from renegotiation on the client:
R
RENEGOTIATING
depth=0 CN = server
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = server
verify error:num=21:unable to verify the first certificate
verify return:1
What did you see instead?
On the server:
$ go run test.go
2019/12/26 15:30:25 New connection
2019/12/26 15:30:26 tls: received unexpected handshake message of type *tls.clientHelloMsg when waiting for *tls.helloRequestMsg
exit status 1
On the client:
---
R
RENEGOTIATING
4684979820:error:140043F2:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert unexpected message:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/ssl/ssl_pkt.c:1200:SSL alert number 10
4684979820:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/ssl/ssl_pkt.c:585:
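The wire-level difference behind the two error messages, as an added example that is not part of the original report and is not Go's crypto/tls code. It parses the TLS 1.2 handshake header (types per RFC 5246) and models a peer that accepts only HelloRequest as the first renegotiation message; the function names and sample bytes are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Handshake message types from RFC 5246, section 7.4.
const (
	typeHelloRequest byte = 0 // server asks the client to renegotiate
	typeClientHello  byte = 1 // client opens a (re)negotiation itself
)

// parseHandshake splits a decrypted handshake message: 1-byte type, 3-byte big-endian length, body.
func parseHandshake(msg []byte) (byte, []byte, error) {
	if len(msg) < 4 {
		return 0, nil, errors.New("truncated handshake header")
	}
	n := int(msg[1])<<16 | int(msg[2])<<8 | int(msg[3])
	if len(msg)-4 != n {
		return 0, nil, fmt.Errorf("length field %d, body %d bytes", n, len(msg)-4)
	}
	return msg[0], msg[4:], nil
}

// acceptRenegotiationStart is a hypothetical model of a peer that, on an established
// connection, accepts only HelloRequest first, as the server log above reports.
func acceptRenegotiationStart(msg []byte) error {
	typ, body, err := parseHandshake(msg)
	if err != nil {
		return err
	}
	switch {
	case typ == typeHelloRequest && len(body) == 0:
		return nil
	case typ == typeHelloRequest:
		return errors.New("hello_request must have an empty body")
	case typ == typeClientHello:
		return errors.New("unexpected client_hello: client-initiated renegotiation")
	default:
		return fmt.Errorf("unexpected handshake type %d", typ)
	}
}

func main() {
	// Constructed samples: an empty HelloRequest, then a ClientHello header with a 2-byte placeholder body.
	fmt.Println(acceptRenegotiationStart([]byte{0, 0, 0, 0}))
	fmt.Println(acceptRenegotiationStart([]byte{1, 0, 0, 2, 3, 3}))
}
```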