Tuesday, February 11, 2025

TLS 1.0 and 1.1 connections failing – Getting Help


Hello all,

I’m making a TLS-encrypted HTTP server and decreased the minimum supported TLS version in the tls.Config used (despite knowing that 1.0 and 1.1 are EOL).

I didn’t find anything in the godocs saying that this would not work, but when I run the code in the example below, providing a self-signed certificate and key, I receive an error that the protocol is unsupported. Furthermore, I’ve also tried to set the GODEBUG variable to tls10server=1, which also had no effect.

package main

import (
	"crypto/tls"
	"log"
	"net/http"
)

func main() {
	// Minimal HTTPS server that answers every request with "success".
	server := http.Server{
		Addr: "0.0.0.0:8080",
		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			w.WriteHeader(http.StatusOK)
			w.Write([]byte("success"))
		}),
	}
	// Lower the minimum accepted protocol version from the default to TLS 1.0.
	server.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS10}
	// server.crt and server.key are the self-signed certificate and its key.
	if err := server.ListenAndServeTLS("server.crt", "server.key"); err != nil {
		log.Fatalf("server crashed :: %s", err.Error())
	}
}

I’ve tested the TLS connection to the server with the command below (same result for curl with the argument --tls-max 1.0):

openssl s_client -connect localhost:8080 -tls1_1

as well as:

openssl s_client -connect localhost:8080 -tls1_0

Both are failing with the following error message:

CONNECTED(00000003)
409776618F7F0000:error:0A0000BF:SSL routines:tls_setup_handshake:no protocols available:…/ssl/statem/statem_lib.c:104:

In the application’s output I can see the following entry:

2025/01/10 16:17:21 http: TLS handshake error from 172.21.29.106:33582: remote error: tls: protocol version not supported

Does anyone have a hint as to what I’m doing wrong, or whether these two TLS versions are completely unsupported by Go, even though I didn’t find anything related in the godocs?

Thank you very much for your help and hints.

Best regards,
Timo

remote error: tls: protocol version not supported is a common SSL/TLS connection error that indicates that the client and server can’t agree on the SSL/TLS protocol version to use. Specifically, the client proposes a version of SSL/TLS that the server either doesn’t support, or the server deems too old to be a security risk. For example, when a client tries to connect with an older SSL 3.0 version and the server only supports TLS 1.2 or later, the server may send the client a handshake failure message with a “protocol_version” warning.

Trying to limit the maximum version?

	tls.Config{MinVersion: tls.VersionTLS10, MaxVersion: tls.VersionTLS11}

Hi,

first of all, thanks for your response.
You’re absolutely right, allowing the client a TLS version >= TLS 1.2 works as expected.

I know that the default TLS config of Go comes with a minimum TLS version of 1.2.

In my real code I’ve tried several combinations of min and max version along with various cipher suites.

I just provided a minimal example to demonstrate my struggle and to reproduce it easily.

I decreased my minimum TLS version to 1.0 because I wanted to make sure that, in case a client only supports TLS < 1.2 (which some really low percentile in the real world does), my server can be configured at my own risk to support these clients as well.

The openssl command which I posted checks whether a TLS connection with the given parameter can be established, in this case TLS 1.1 and TLS 1.0, which isn’t working even though I’ve set the MinVersion to “VersionTLS10”.

If I run the same openssl command with tls1_2 it again works like a charm.

I hope this clarifies what I’m trying to achieve.

Best regards,
Timo
