net/http: EOF during TLS handshake #61721
Comments
You could use
Please change the title to I feel like an EOF can't be ignored here, but it's hard to say without knowing the context to reproduce this. Likely the connection was refused for a reason, maybe the client asked for a protocol that the server does not support. If possible, share the Go version you are using along with a reproducible test case.
Changed title. Yes, that will work too: err != nil && err != io.EOF
Here is an example to run the server on https://localhost:8300/test. Open a new browser session after starting the server, as it only happens on handshake, not when opening a new browser tab after hitting the URL. Create a certificates folder and add in there a ca.crt, localhost.crt and localhost.key that you can generate on your end.
I think it might have to do with the ciphers being offered by the client (browser in this case). If I try to access the page with Firefox I also get the EOF. If I try to offer a supported cipher there is no EOF error:
If you add all ciphers, it still gets an EOF. What are Firefox, Chrome, Edge sending as cipher and what client cert do they send?
var Ciphers = []uint16{
}
@golang/security @neild
I also have the same problem occur.
We have a similar symptom/issue, although a different scenario when we try to do mTLS with I'm not sure if I should open a different issue for this, so I'll post reproduction steps here. This happens on Go versions How to create a certificate on the key card:
Demo
Go server code:
Edit: Seems like it's exclusive to
Oh, thanks. First of all, the questions I have are: Cause of the problem: Posted below are the extensions. extensions: 10 items
The reported EOF error happens when tls.ClientAuth is set to tls.VerifyClientCertIfGiven. If no certificate is provided or the request comes from any browser it throws this error, and it should not, given that it is only if a cert is given, unless there is a way to set up the browser to send a specific client cert?
File - /src/net/http/server.go
Current version -
Proposed fix - tested on my environment - add this to the if line - && err.Error() != "EOF"
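One way a bare EOF can reach the server-side handshake, shown as an added example that is not code from this issue or from net/http: the peer closes the connection before sending a ClientHello, and crypto/tls returns io.EOF. The in-memory net.Pipe, the helper names and the certificate-less config are assumptions for the demo; it illustrates one cause of the log line and does not establish the cause in this report.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"io"
	"net"
)

// handshakeAfterPeerClose (hypothetical helper) runs a server-side TLS
// handshake over an in-memory pipe whose client end is closed before any
// ClientHello is written, the way a client that abandons a connection would.
func handshakeAfterPeerClose() error {
	clientEnd, serverEnd := net.Pipe()
	defer serverEnd.Close()
	clientEnd.Close() // peer goes away without sending a single TLS record

	// Same ClientAuth mode as in the report. No certificates are configured
	// because the handshake fails while reading the ClientHello, before the
	// server would need them (assumption of this demo).
	cfg := &tls.Config{ClientAuth: tls.VerifyClientCertIfGiven}
	return tls.Server(serverEnd, cfg).Handshake()
}

// isPeerClosedEarly (hypothetical helper) classifies a handshake error with
// errors.Is, which also matches a wrapped io.EOF. Comparing err.Error() to
// "EOF" would miss the wrapped case.
func isPeerClosedEarly(err error) bool {
	return errors.Is(err, io.EOF)
}

func main() {
	err := handshakeAfterPeerClose()
	fmt.Printf("handshake error: %v, peer closed early: %t\n",
		err, isPeerClosedEarly(err))

	// Constructed examples of the two cases a log filter has to tell apart.
	wrapped := fmt.Errorf("handshake with 127.0.0.1:50000: %w", io.EOF)
	other := errors.New("tls: no cipher suite supported by both client and server")
	fmt.Println(isPeerClosedEarly(wrapped), isPeerClosedEarly(other))
}
```

A classifier like this lets a server count or rate-limit early-close events separately while still logging every other handshake failure in full.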