Hey all,
I'm building a TLS-encrypted HTTP server and lowered the minimum supported TLS version in the used tls.Config (despite knowing that 1.0 and 1.1 are EOL).
I didn't find anything in the godocs saying that this wouldn't work, but when I run the code in the example below, providing a self-signed certificate and key, I get an error that the protocol is unsupported. Additionally, I've also tried setting the GODEBUG variable to tls10server=1, which had no effect either.
package main

import (
	"crypto/tls"
	"log"
	"net/http"
)

func main() {
	server := http.Server{
		Addr: "0.0.0.0:8080",
		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			w.WriteHeader(http.StatusOK)
			w.Write([]byte("success"))
		}),
	}
	// Lower the server's minimum version below Go's default of TLS 1.2.
	server.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS10}
	if err := server.ListenAndServeTLS("server.crt", "server.key"); err != nil {
		log.Fatalf("server crashed :: %s", err.Error())
	}
}
I've tried the TLS test against the server with the command below (same result for curl with the argument --tls-max 1.0):
openssl s_client -connect localhost:8080 -tls1_1
as well as:
openssl s_client -connect localhost:8080 -tls1_0
Both are failing with the following error message:
CONNECTED(00000003)
409776618F7F0000:error:0A0000BF:SSL routines:tls_setup_handshake:no protocols available:…/ssl/statem/statem_lib.c:104:
In the application's output I can see the following entry:
2025/01/10 16:17:21 http: TLS handshake error from 172.21.29.106:33582: remote error: tls: protocol version not supported
Does someone have a hint what I'm doing wrong, or whether these two TLS versions are completely unsupported by Go, even though I didn't find anything related in the godocs?
Thank you very much for your help and hints.
Best regards,
Timo
remote error: tls: protocol version not supported is a common SSL/TLS connection error that indicates that the client and server can't agree on the SSL/TLS protocol version to use. Specifically, the client proposes a version of SSL/TLS that the server either doesn't support, or the server deems too old to be a security risk. For example, when a client tries to connect with an older SSL 3.0 version and the server only supports TLS 1.2 or later, the server may send the client a handshake failure message with a "protocol_version" alert.
Trying to limit the maximum version?
tls.Config{MinVersion: tls.VersionTLS10, MaxVersion: tls.VersionTLS11}
Hi,
first of all, thanks for your response.
You are absolutely right, allowing the client a TLS version >= TLS 1.2 works as expected.
I know that the default TLS config of Go comes with a TLS minimum version of 1.2.
In my real code I've tried several combinations of min and max version together with various cipher suites.
I just provided a minimal example to demonstrate my struggle and to easily reproduce it.
I lowered my minimum TLS version to 1.0 because I wanted to make sure that, in case a client only supports TLS < 1.2 (which some really low percentile in the real world does), my server could be configured at my own risk to support these clients as well.
The openssl command which I've posted checks whether a TLS connection with the given parameter can be established, in this case TLS 1.1 and TLS 1.0, which isn't working even though I've set the minVersion to "VersionTLS10".
If I run the same openssl command with tls1_2 it again works like a charm.
I hope this clarifies what I'm trying to achieve.
Best regards,
Timo
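As an added example, not Timo's code and not from this thread, here is an in-process check with Go on both ends, so that the version policy of whatever openssl or curl build sits on the client side cannot influence the result; it shows what the Go toolchain itself does with an explicit MinVersion. The handler, the httptest server and the probe function are my own construction.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// probe starts an in-process Go TLS server whose MinVersion is serverMin and
// dials it with a Go client that offers at most clientMax. It returns the
// negotiated protocol version, or the handshake error the client saw.
func probe(serverMin, clientMax uint16) (uint16, error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("success"))
	}))
	srv.TLS = &tls.Config{MinVersion: serverMin} // same setting as in the post
	srv.StartTLS()                               // adds httptest's self-signed localhost certificate
	defer srv.Close()
	// Trust exactly the test server's certificate instead of disabling verification.
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	cfg := &tls.Config{
		RootCAs:    pool,
		MinVersion: tls.VersionTLS10, // let the client offer the old versions too
		MaxVersion: clientMax,        // like "openssl s_client -tls1_0" / "curl --tls-max"
	}
	conn, err := tls.Dial("tcp", srv.Listener.Addr().String(), cfg)
	if err != nil {
		return 0, err
	}
	defer conn.Close()
	return conn.ConnectionState().Version, nil
}

func main() {
	cases := []struct{ serverMin, clientMax uint16 }{
		{tls.VersionTLS12, tls.VersionTLS12}, // both modern: must work
		{tls.VersionTLS12, tls.VersionTLS11}, // reproduces "protocol version not supported"
		{tls.VersionTLS10, tls.VersionTLS10}, // the poster's question
	}
	for _, c := range cases {
		v, err := probe(c.serverMin, c.clientMax)
		fmt.Printf("server min %#x, client max %#x -> negotiated %#x, err: %v\n",
			c.serverMin, c.clientMax, v, err)
	}
}
```

If the third case negotiates 0x301 here but the real server still logs "protocol version not supported", the difference lies in the build or environment of that server (or in what the external client actually offers), not in the MinVersion setting itself.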