Does this issue reproduce with the latest release?
What operating system and processor architecture are you using (go env)?
What did you do?
I am unable to renegotiate successfully using TLS 1.2 to a Go server I wrote. https://play.golang.org/p/Q39eh8PVAOP. After starting the server, I connect using openssl: openssl s_client -connect 172.16.28.75:10000 -tls1_2. Following a successful handshake, and some test messages going through, I start a renegotiation by sending R in the openssl client session. The renegotiation fails because the Go server expects a helloRequestMessage as the first message in the renegotiation while theopenssl client sends a clientHelloMessage as the first message in the renegotiation.
What did you expect to see?
A successful renegotiation as demonstrated when running the same server using openssl s_server -key /home/vagrant/easy-rsa/easyrsa3/pki/private/server.key -cert /home/vagrant/easy-rsa/easyrsa3/pki/issued/server.crt -accept 10000.
And output from renegotiation on the client:
depth=0 CN = server
verify error:num=20:unable to get local issuer certificate
depth=0 CN = server
verify error:num=21:unable to verify the first certificate
What did you see instead?
On the server:
$ go run test.go
2019/12/26 15:30:25 New connection
2019/12/26 15:30:26 tls: received unexpected handshake message of type *tls.clientHelloMsg when waiting for *tls.helloRequestMsg
exit status 1
On the client:
4684979820:error:140043F2:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert unexpected message:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/ssl/ssl_pkt.c:1200:SSL alert number 10
4684979820:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/ssl/ssl_pkt.c:585:
The text was updated successfully, but these errors were encountered:
changed the title
TLS 1.2 renegotiation fails because of expected tls.helloRequestMsg instead of tls.clientHelloMsgDec 27, 2019