Does this issue reproduce with the latest release?
yes
What operating system and processor architecture are you using (go env)?
amd64/linux
What did you do?
I am unable to renegotiate successfully using TLS 1.2 to a Go server I wrote. https://play.golang.org/p/Q39eh8PVAOP. After starting the server, I connect using openssl: openssl s_client -connect 172.16.28.75:10000 -tls1_2. Following a successful handshake, and some test messages going through, I start a renegotiation by sending R in the openssl client session. The renegotiation fails because the Go server expects a helloRequestMessage as the first message in the renegotiation while the openssl client sends a clientHelloMessage as the first message in the renegotiation.
What did you expect to see?
A successful renegotiation as demonstrated when running the same server using openssl s_server -key /home/vagrant/easy-rsa/easyrsa3/pki/private/server.key -cert /home/vagrant/easy-rsa/easyrsa3/pki/issued/server.crt -accept 10000.
And output from renegotiation on the client:
R
RENEGOTIATING
depth=0 CN = server
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = server
verify error:num=21:unable to verify the first certificate
verify return:1
What did you see instead?
On the server:
$ go run test.go
2019/12/26 15:30:25 New connection
2019/12/26 15:30:26 tls: received unexpected handshake message of type *tls.clientHelloMsg when waiting for *tls.helloRequestMsg
exit status 1
On the client:
---
R
RENEGOTIATING
4684979820:error:140043F2:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert unexpected message:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/ssl/ssl_pkt.c:1200:SSL alert number 10
4684979820:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/ssl/ssl_pkt.c:585:
agnivade
changed the title
TLS 1.2 renegotiation fails because of expected tls.helloRequestMsg instead of tls.clientHelloMsg
crypto/tls: TLS 1.2 renegotiation fails because of expected tls.helloRequestMsg instead of tls.clientHelloMsg
Dec 27, 2019
FiloSottile
changed the title
crypto/tls: TLS 1.2 renegotiation fails because of expected tls.helloRequestMsg instead of tls.clientHelloMsg
crypto/tls: improve server-side (lack of) renegotiation docs and error message
Dec 29, 2019