crypto/tls: client not always able to connect when using NPN #4088
The crypto/tls client is unable to make connections when:

- NPN is being used, and
- NPN is not the last extension received in the ServerHello message.

During unmarshalling of ServerHello messages (in crypto/tls/handshake_messages.go), too many bytes are read while unmarshalling NPN extensions. It reads up to the end of the ServerHello, instead of the end of the extension; so any extensions after NPN are accidentally interpreted as part of the NPN extension instead.

What steps will reproduce the problem?

1. Run the attached test.go. It will attempt two connections to https://skip.org:4443, which has reordered ServerHello extensions to show the problem (NPN is not the last extension, ServerName and others come after NPN).

What is the expected output?

The two connections should succeed.

What do you see instead?

The connection using NPN fails.

I have attached a patch which fixes the problem.

Tom
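The bounding problem the report describes, as an added sketch that is not part of the original issue, the attached patch, or the crypto/tls source: a minimal extension walker whose NPN body is either left unbounded or sliced to the extension's own length. The names `parseNPN`, `parseExtensions`, the `bounded` flag and the `sample` bytes are assumptions made for illustration.

```go
package main

import "fmt"

const extNextProtoNeg = 13172 // NPN extension type (0x3374)

// parseNPN splits d into protocol names, each prefixed by a one-byte length.
func parseNPN(d []byte) (protos []string, err error) {
	for len(d) > 0 {
		l := int(d[0])
		if d = d[1:]; l == 0 || l > len(d) {
			return nil, fmt.Errorf("malformed NPN extension")
		}
		protos = append(protos, string(d[:l]))
		d = d[l:]
	}
	return protos, nil
}

// parseExtensions walks type(2) | length(2) | body records; bounded=false
// lets the NPN body run to the end of the message, as the report describes.
func parseExtensions(data []byte, bounded bool) (protos []string, err error) {
	for len(data) > 0 {
		if len(data) < 4 {
			return nil, fmt.Errorf("truncated extension header")
		}
		typ, length := int(data[0])<<8|int(data[1]), int(data[2])<<8|int(data[3])
		if data = data[4:]; length > len(data) {
			return nil, fmt.Errorf("extension overruns message")
		}
		if typ == extNextProtoNeg {
			body := data // unbounded: swallows the extensions that follow
			if bounded {
				body = data[:length] // stop at this extension's own length
			}
			if protos, err = parseNPN(body); err != nil {
				return nil, err
			}
		}
		data = data[length:]
	}
	return protos, nil
}

// sample is constructed: NPN ("http/1.1"), then an empty server_name (type 0).
var sample = append([]byte{0x33, 0x74, 0, 9, 8}, append([]byte("http/1.1"), 0, 0, 0, 0)...)
func main() {
	fmt.Println(parseExtensions(sample, false))
	fmt.Println(parseExtensions(sample, true))
}
```

With the constructed sample, the unbounded walk treats the trailing server_name header as more NPN data and rejects the message, while the bounded walk returns the single advertised protocol.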
FiloSottile pushed a commit to FiloSottile/go that referenced this issue
Oct 12, 2018
This issue was closed.