I'm getting a "bad record MAC" error on TLS Handshake on a connection to
certain sites. This used to be fine in Go1.1, but Go1.2 introduced this error.
What steps will reproduce the problem?
If possible, include a link to a program on play.golang.org.
1. Copy/Paste this go program locally: http://play.golang.org/p/4P2kxtIcBf (playground
doesn't have necessary libs)
2. Compile using Go1.2
3. Run, you will get the "bad record Mac" error.
4. Compile same program using Go1.1
5. Run, you will see "Success!" printed out.
What is the expected output?
What do you see instead?
"local error: bad record MAC"
Which compiler are you using (5g, 6g, 8g, gccgo)?
Which operating system are you using?
Tested on Darwin and Linux.
Which version are you using? (run 'go version')
Please provide any additional information below.
The play.golang.org example linked is using "clubs2qa.scholastic.com" as the
example site that exploits this issue. I'd like to note that browsing to the site on
Google Chrome shows that the certificate is valid and verified.
The text was updated successfully, but these errors were encountered:
This is a blocking issue for us, and if possible, we would really appreciate a patch
that we could apply to our local go1.2 version that would fix the issue.
I know that releasing something like Go1.2.1 is out of the question and this fix will
most likely go into 1.3, but we'd really appreciate something that we could apply
immediately if possible.
It's a server bug. Specifically it's matching the version number in the RSA PMS with its
version, not the client's version. OpenSSL and NSS also fail to connect.
It's easy to work around however: you can set MaxVersion in tls.Config to
tls.VersionTLS10. If you have any contacts with the server operators however you should
really encourage them to update: