Tuesday, February 11, 2025

TLS 1.0 and 1.1 connections failing – Getting Help


Hey everyone,

I'm creating a TLS-encrypted HTTP server and lowered the minimum supported TLS version in the tls.Config used (despite knowing that 1.0 and 1.1 are EOL).

I didn't find anything in the godocs saying that this would not work, but when I run the code in the example below, providing a self-signed certificate and key, I get an error that the protocol is unsupported. Furthermore, I've also tried setting the GODEBUG variable to tls10server=1, which also had no effect.

package main

import (
	"crypto/tls"
	"log"
	"net/http"
)

func main() {
	// Minimal HTTPS server that answers every request with "success".
	server := http.Server{
		Addr: "0.0.0.0:8080",
		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			w.WriteHeader(http.StatusOK)
			w.Write([]byte("success"))
		}),
	}
	// Explicitly lower the minimum accepted protocol version to TLS 1.0.
	server.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS10}
	if err := server.ListenAndServeTLS("server.crt", "server.key"); err != nil {
		log.Fatalf("server crashed :: %s", err.Error())
	}
}

I've tested the TLS connection to the server with the command below (same end result for curl with the argument --tls-max 1.0):

openssl s_client -connect localhost:8080 -tls1_1

as well as:

openssl s_client -connect localhost:8080 -tls1_0

Both are failing with the following error message:

CONNECTED(00000003)
409776618F7F0000:error:0A0000BF:SSL routines:tls_setup_handshake:no protocols available:…/ssl/statem/statem_lib.c:104:

In the application's output I can see the following entry:

2025/01/10 16:17:21 http: TLS handshake error from 172.21.29.106:33582: remote error: tls: protocol version not supported

Does anybody have a hint as to what I'm doing wrong, or whether these two TLS versions are completely unsupported by Go, even though I didn't find anything related in the godocs?

Thank you very much for your help and hints.

Best regards,
Timo

remote error: tls: protocol version not supported is a common SSL/TLS connection error that indicates that the client and server cannot agree on the SSL/TLS protocol version to use. Specifically, the client proposes a version of SSL/TLS that the server either doesn't support, or that the server deems too old and a security risk. For example, when a client tries to connect with an older SSL 3.0 version and the server only supports TLS 1.2 or later, the server may send the client a handshake failure message with a "protocol_version" warning.

Trying to limit the maximum version?

	tls.Config{MinVersion: tls.VersionTLS10, MaxVersion: tls.VersionTLS11}

Hi,

first of all, thanks for your response.
You're absolutely right, allowing the client a TLS version >= TLS 1.2 works as expected.

I know that the default TLS config of Go comes with a minimum TLS version of 1.2.

In my real code I've tried several combinations of min and max version together with various cipher suites.

I just provided a minimal example to demonstrate my struggle and to easily reproduce it.

I lowered my minimum TLS version to 1.0 because I wanted to make sure that, in case a client only supports TLS < 1.2 (which some really low percentile in the real world does), my server can be configured at my own risk to support these clients as well.

The openssl command which I've posted checks whether a TLS connection with the given parameter can be established, in this case TLS 1.1 and TLS 1.0, which isn't working even though I've set the MinVersion to "VersionTLS10".

If I run the same openssl command with tls1_2 it again works like a charm.

I hope this clarifies what I'm trying to achieve.

Best regards,
Timo
