
crypto/tls: improve server-side (lack of) renegotiation docs and error message #36285

yulicrunchy opened this issue Dec 26, 2019 · 2 comments

@yulicrunchy yulicrunchy commented Dec 26, 2019

What version of Go are you using (go version)?

$ go version
go version go1.13.5 linux/amd64

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

amd64/linux

What did you do?

I am unable to renegotiate successfully using TLS 1.2 to a Go server I wrote: https://play.golang.org/p/Q39eh8PVAOP. After starting the server, I connect using openssl:

openssl s_client -connect 172.16.28.75:10000 -tls1_2

Following a successful handshake, and some test messages going through, I start a renegotiation by sending R in the openssl client session. The renegotiation fails because the Go server expects a helloRequestMessage as the first message in the renegotiation while the openssl client sends a clientHelloMessage as the first message in the renegotiation.

What did you expect to see?

A successful renegotiation as demonstrated when running the same server using openssl s_server -key /home/vagrant/easy-rsa/easyrsa3/pki/private/server.key -cert /home/vagrant/easy-rsa/easyrsa3/pki/issued/server.crt -accept 10000.

And output from renegotiation on the client:

R
RENEGOTIATING
depth=0 CN = server
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = server
verify error:num=21:unable to verify the first certificate
verify return:1

What did you see instead?

On the server:

$ go run test.go
2019/12/26 15:30:25 New connection
2019/12/26 15:30:26 tls: received unexpected handshake message of type *tls.clientHelloMsg when waiting for *tls.helloRequestMsg
exit status 1

On the client:

---
R
RENEGOTIATING
4684979820:error:140043F2:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert unexpected message:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/ssl/ssl_pkt.c:1200:SSL alert number 10
4684979820:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/ssl/ssl_pkt.c:585:
@agnivade agnivade changed the title TLS 1.2 renegotiation fails because of expected `tls.helloRequestMsg` instead of `tls.clientHelloMsg` crypto/tls: TLS 1.2 renegotiation fails because of expected `tls.helloRequestMsg` instead of `tls.clientHelloMsg` Dec 27, 2019
@agnivade agnivade commented Dec 27, 2019

@FiloSottile

@FiloSottile FiloSottile commented Dec 29, 2019

We only support renegotiation on the client side. Go servers don't support renegotiation.

The error message and the docs can be improved.

@FiloSottile FiloSottile added this to the Go1.15 milestone Dec 29, 2019
@FiloSottile FiloSottile changed the title crypto/tls: TLS 1.2 renegotiation fails because of expected `tls.helloRequestMsg` instead of `tls.clientHelloMsg` crypto/tls: improve server-side (lack of) renegotiation docs and error message Dec 29, 2019
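In the report above the whole server process exits ("exit status 1") when the openssl client presses R. As an added example (not the reporter's playground program and not code from the Go project), here is a minimal TLS 1.2 echo server that reproduces that setup and treats the server-side rejection of a renegotiation attempt as an error on that one connection rather than a fatal one; the throwaway in-memory certificate and the echo behaviour are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"io"
	"log"
	"math/big"
	"net"
	"time"
)

// listen returns a TLS 1.2-only echo listener with a throwaway in-memory certificate (assumed, replacing the
// report's easy-rsa files); TLS 1.3 has no renegotiation, so pinning 1.2 keeps "R" in openssl s_client a real attempt.
func listen(addr string) (net.Listener, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "server"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12}
	return tls.Listen("tcp", addr, cfg)
}

// serve echoes each connection in its own goroutine. Go servers reject renegotiation, and that rejection surfaces
// as a read error on the one connection: log it, close it and keep accepting, so one client pressing "R" cannot stop the process.
func serve(ln net.Listener) {
	for {
		c, err := ln.Accept()
		if err != nil {
			return // listener closed
		}
		go func() {
			defer c.Close()
			if _, err := io.Copy(c, c); err != nil {
				log.Printf("%s: %v", c.RemoteAddr(), err)
			}
		}()
	}
}
```

Wire it up with a main that calls listen on the address of your choice and then serve, connect with the openssl s_client command from the report and press R: the client still receives the alert shown above, but the server only logs the error for that connection and keeps serving.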