Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls: remote error: handshake failure #8608

Closed
gopherbot opened this issue Aug 28, 2014 · 2 comments
Closed

crypto/tls: remote error: handshake failure #8608

gopherbot opened this issue Aug 28, 2014 · 2 comments
Milestone

Comments

@gopherbot
Copy link

@gopherbot gopherbot commented Aug 28, 2014

by webluoye:

What does 'go version' print?

go version go1.3.1 linux/amd64

What steps reproduce the problem?

remote error: handshake failure
use tls package connect to orgrfcote1.publicinterestregistry.net:700 not success
error mmessage:remote error: handshake failure
when using GO 1.2  can connect successfully.
golang code:

        cert, err := tls.LoadX509KeyPair("my.ename.cn.crt", "my.ename.cn.key")
        if err != nil {
                log.Fatalf("server: loadkeys: %s", err)
        }
        config := tls.Config{
                Certificates: []tls.Certificate{cert},
                ClientAuth:         tls.VerifyClientCertIfGiven,
                InsecureSkipVerify: true}
        ladd, lerr := net.ResolveTCPAddr("tcp", "192.168.200.53:0")
        if lerr != nil {
                log.Fatalf("local addr: %s", lerr)
        }
        radd, rerr := net.ResolveTCPAddr("tcp", "orgrfcote1.publicinterestregistry.net:700")
        if rerr != nil {
                log.Fatalf("server addr: %s", rerr)
        }
        ipConn, err := net.DialTCP("tcp", ladd, radd)
        conn := tls.Client(ipConn, &config)
        if err != nil {
                log.Fatalf("client DialTCP: %s", err)
        }
        defer conn.Close()
        hsErr := conn.Handshake()
        if hsErr != nil {
                fmt.Printf("Client connected to: %v\n", conn.RemoteAddr())
                fmt.Printf("%s", hsErr)
                os.Exit(0)
        } else {
                fmt.Printf("Client connected to: %v\n", conn.RemoteAddr())
                fmt.Printf("Cert Checks OK\n")
        }

result:
2014/08/28 15:07:15 client: connected to:  66.199.183.31:700
Client connected to: 66.199.183.31:700
remote error: handshake failure
---------------------------------------------------------------------------------------------------------
use NODEJS is ok
code:
var tls = require('tls');
var fs = require('fs');

var options = {
        rejectUnauthorized: false,
        port: 700,
        host: 'orgrfcote1.publicinterestregistry.net',
        key: fs.readFileSync('my.ename.cn.key'),
        cert: fs.readFileSync('my.ename.cn.crt')
};

var cleartextStream = tls.connect(options, function() {
                console.log('client connected',
                        cleartextStream.authorized ? 'authorized' : 'unauthorized');
                });
cleartextStream.setEncoding('utf8');
cleartextStream.on('data', function(data) {
                console.log(data);
console.log(cleartextStream.remoteAddress+":"+cleartextStream.remotePort);
        });
cleartextStream.on('end', function() {
                server.close();
        });
result:
client connected authorized
�g<?xml version='1.0' encoding='UTF-8'?>
<epp xmlns='urn:ietf:params:xml:ns:epp-1.0'
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xsi:schemaLocation='urn:ietf:params:xml:ns:epp-1.0
epp-1.0.xsd'><greeting><svID>Redwood EPP
Server</svID><svDate>2014-08-28T07:09:31.0Z</svDate><svcMenu><version>1.0</version><lang>en-US</lang><objURI>urn:ietf:params:xml:ns:domain-1.0</objURI><objURI>urn:ietf:params:xml:ns:host-1.0</objURI><objURI>urn:ietf:params:xml:ns:contact-1.0</objURI><svcExtension><extURI>urn:afilias:params:xml:ns:oxrs-1.1</extURI><extURI>urn:ietf:params:xml:ns:rgp-1.0</extURI><extURI>urn:afilias:params:xml:ns:idn-1.0</extURI><extURI>urn:afilias:params:xml:ns:trademark-1.0</extURI><extURI>urn:ietf:params:xml:ns:secDNS-1.1</extURI><extURI>urn:ietf:params:xml:ns:launch-1.0</extURI></svcExtension></svcMenu><dcp><access><personal/></access><statement><purpose><admin/><other/></purpose><recipient><unrelated/><ours><recDesc>Public
Interest
Registry</recDesc></ours><public/></recipient><retention><legal/></retention></statement><expiry><relative>P10Y0M0DT0H0M0.0S</relative></expiry></dcp></greeting></epp>
66.199.183.31:700
@gopherbot gopherbot added the new label Aug 28, 2014
@wheelcomplex

This comment has been minimized.

Copy link
Contributor

@wheelcomplex wheelcomplex commented Dec 9, 2014

in my case, this is case by remote server does not support tls version renegotiation.

try follow config, hope this can help you:

config := tls.Config{
InsecureSkipVerify: true,
MinVersion: tls.VersionTLS10,
MaxVersion: tls.VersionTLS10,
}
transport := &http.Transport{
TLSClientConfig: &config,
}

ref:
#5742

@bradfitz bradfitz removed the new label Dec 18, 2014
@mikioh mikioh changed the title tls: remote error: handshake failure crypto/tls: remote error: handshake failure Jan 13, 2015
@rsc rsc added this to the Go1.5Maybe milestone Apr 10, 2015
@rsc

This comment has been minimized.

Copy link
Contributor

@rsc rsc commented Jul 14, 2015

Sounds like a dup of #5742.

@rsc rsc closed this Jul 14, 2015
@golang golang locked and limited conversation to collaborators Jul 13, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
You can’t perform that action at this time.