Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls: handshake failure #8138

Closed
gopherbot opened this issue Jun 2, 2014 · 5 comments
Closed

crypto/tls: handshake failure #8138

gopherbot opened this issue Jun 2, 2014 · 5 comments
Milestone

Comments

@gopherbot
Copy link

@gopherbot gopherbot commented Jun 2, 2014

by zhuoyikang@nibirutech.com:

i believe it's a bug on crypto/tls.

my client is Erlang-R15B02, and Server is  crypto/tls , always handshark error, there is
ssldump below:

New TCP connection #1: ip-10-0-1-169.us-west-2.compute.internal(36804) <->
115.29.228.221(60056)
1 1  1.2367 (1.2367)  C>S  Handshake
      ClientHello
        Version 3.1
        cipher suites
        Unknown value 0xff
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_MD5
        TLS_DHE_RSA_WITH_DES_CBC_SHA
        TLS_RSA_WITH_DES_CBC_SHA
        compression methods
                  NULL
1 2  1.4580 (0.2213)  S>C  Alert
    level           fatal
    value           handshake_failure
1    1.4580 (0.0000)  S>C  TCP FIN
1    1.4590 (0.0010)  C>S  TCP FIN

so ,these cipher suites are support by Erlang:
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_MD5
        TLS_DHE_RSA_WITH_DES_CBC_SHA
        TLS_RSA_WITH_DES_CBC_SHA


and these cipher suites is supported by golang/tls
 TLS_RSA_WITH_RC4_128_SHA                uint16 = 0x0005
TLS_RSA_WITH_3DES_EDE_CBC_SHA           uint16 = 0x000a
TLS_RSA_WITH_AES_128_CBC_SHA            uint16 = 0x002f
TLS_RSA_WITH_AES_256_CBC_SHA            uint16 = 0x0035
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        uint16 = 0xc007
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    uint16 = 0xc009
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    uint16 = 0xc00a
TLS_ECDHE_RSA_WITH_RC4_128_SHA          uint16 = 0xc011
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     uint16 = 0xc012
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      uint16 = 0xc013
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      uint16 = 0xc014
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   uint16 = 0xc02f
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02b

and, they both suport:


```
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
```


but go/tls inject and fatal error 

1 2  1.4580 (0.2213)  S>C  Alert
    level           fatal
    value           handshake_failure

does it a bug ???

meanwhile, i test golang/tls in my computer where erlang client, it work as excepted.
but it does work on the remote server where i am not convenienced to give the host/port,

any body can help?
@ianlancetaylor

This comment has been minimized.

Copy link
Contributor

@ianlancetaylor ianlancetaylor commented Jun 2, 2014

Comment 1:

Labels changed: added repo-main, release-go1.4.

@rsc

This comment has been minimized.

Copy link
Contributor

@rsc rsc commented Jun 2, 2014

Comment 2:

Status changed to Accepted.

@agl

This comment has been minimized.

Copy link
Contributor

@agl agl commented Jun 2, 2014

Comment 3:

The error messages should be much improved in Go 1.3 (the beta of which you can obtain
from here: https://code.google.com/p/go/wiki/Downloads). It's possible that the error
message from 1.3 will tell us what's wrong.
Alternatively, a tcpdump may be needed.
@gopherbot

This comment has been minimized.

Copy link
Author

@gopherbot gopherbot commented Jun 7, 2014

Comment 4 by zhuoyikang@nibirutech.com:

sorry, it's not a bug , for all i know , the server which i can't connect successfully 
just support ECDHE cipher suite, and does't support RSA , i report the problem to the
server's manager , after he change the config , all code worked , so ,thanks you guys
all the same , and the issue can be close.
@ianlancetaylor

This comment has been minimized.

Copy link
Contributor

@ianlancetaylor ianlancetaylor commented Jun 7, 2014

Comment 5:

Status changed to Retracted.

@rsc rsc added this to the Go1.4 milestone Apr 14, 2015
@rsc rsc removed the release-go1.4 label Apr 14, 2015
@golang golang locked and limited conversation to collaborators Jun 25, 2016
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
You can’t perform that action at this time.