net/http ListenAndServeTLS handshake errors


Jens Frederich

May 22, 2015, 10:54:49 AM5/22/15
to golan...@googlegroups.com
One of my apps uses ListenAndServeTLS. The app works fine and all requests will be served correctly. SSL checkers like www.ssllabs.com give it an A-.

But the app gets a lot of TLS handshake errors from time to time. I don't know what's going on, any hints?

My certificate file contains the server-certificate followed by ca-certificate and followed by root-certificate.

http: TLS handshake error from 64.41.200.101:48116: EOF
http: TLS handshake error from 64.41.200.101:48144: EOF
TLS handshake error from 64.41.200.101:48169: EOF
http: TLS handshake error from 64.41.200.101:48195: EOF
http: TLS handshake error from 64.41.200.101:48222: EOF
http: TLS handshake error from 64.41.200.101:48248: EOF
http: TLS handshake error from 64.41.200.101:48276: EOF
http: TLS handshake error from 64.41.200.101:48304: EOF
http: TLS handshake error from 113.81.212.82:13152: remote error: unknown certificate
http: TLS handshake error from 222.58.90.175:37003: remote error: unknown certificate authority

Jens

Peter Waller

May 22, 2015, 1:55:44 PM5/22/15
to Jens Frederich, golang-nuts
Whois shows 64.41.200.101 is from ssllabs.com. You might expect some
number of handshake errors, since ssllabs is probing for broken SSL
implementations, and it does this by making a large number of SSL
handshakes.

EOF just means that the SSL implementation tried to read the socket
but it was already closed. For example, that would happen if the
client was probing the SSL implementation but wasn't interested in
completing the connection. The unknown certificate error is probably a
probe looking for broken client certificate implementations.

There are also a lot of people scanning the whole internet (e.g.,
https://zmap.io/). It has been said that it is possible to get a
packet back from every machine on the IPv4 internet in five
minutes from one (well connected) machine these days.

Long story short, if you have something listening on the public
internet, this is to be expected.
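A small triage helper for log lines like the ones in the question, added here as an example that is not part of this thread or of net/http: it parses the `http: TLS handshake error from ...` lines that http.Server writes to its ErrorLog, counts them per source IP so that one busy prober (ssllabs here) stands out from many distinct clients, and buckets the reasons into what a defender should read into them. The sample log is constructed from the lines in the question plus one made-up entry (192.0.2.9).

```go
package main

import (
	"net"
	"strings"
)

// Constructed sample in the format net/http writes to Server.ErrorLog: the
// first five lines are quoted from the thread, the last one is made up.
const sampleLog = `http: TLS handshake error from 64.41.200.101:48116: EOF
http: TLS handshake error from 64.41.200.101:48144: EOF
http: TLS handshake error from 64.41.200.101:48169: EOF
http: TLS handshake error from 113.81.212.82:13152: remote error: unknown certificate
http: TLS handshake error from 222.58.90.175:37003: remote error: unknown certificate authority
http: TLS handshake error from 192.0.2.9:41002: remote error: unknown certificate authority`

// ParseHandshakeError splits one log line into the remote IP (the ephemeral
// port is dropped, since every probe uses a fresh one) and the reason text.
func ParseHandshakeError(line string) (string, string, bool) {
	_, rest, found := strings.Cut(line, "TLS handshake error from ")
	addr, reason, split := strings.Cut(rest, ": ")
	host, _, err := net.SplitHostPort(addr)
	if !found || !split || err != nil {
		return "", "", false
	}
	return host, strings.TrimSpace(reason), true
}

// Classify maps a reason to what a defender should read into it.
func Classify(reason string) string {
	switch {
	case reason == "EOF":
		return "peer hung up mid-handshake: typical of scanners and probes"
	case strings.Contains(reason, "unknown certificate authority"):
		return "peer does not trust the chain: probe, or a real client missing the CA"
	case strings.Contains(reason, "unknown certificate"):
		return "peer rejected the leaf certificate: probe, or a client-side name/expiry check"
	default:
		return "other: worth a closer look"
	}
}

// Summarize counts errors per source IP and per classification.
func Summarize(log string) (bySource, byClass map[string]int) {
	bySource, byClass = map[string]int{}, map[string]int{}
	for _, line := range strings.Split(log, "\n") {
		if host, reason, ok := ParseHandshakeError(line); ok {
			bySource[host]++
			byClass[Classify(reason)]++
		}
	}
	return bySource, byClass
}
```

Feeding real ErrorLog output through Summarize shows whether the noise comes from a handful of scanner IPs (expected) or from many distinct sources hitting the CA bucket, which would point at the served chain rather than at probes.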

Jens Frederich

May 22, 2015, 6:09:23 PM5/22/15
to Peter Waller, golang-nuts
Thanks Peter.

Then I'll have to live with the noise in my logs. I thought it was my fault, that the implementation was wrong or the certificate format etc.