TLS Handshake fail

creack

Dec 3, 2010, 9:13:38 AM
to golang-nuts
Hello,

I am trying to connect via SSL using the crypto/tls package but I
always get a handshake failed error with no more information.
How could I know why it is not working?

For info, here is my code:

In Go, which always returns a handshake error:

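package main

import (
	"crypto/tls"
	"log"
)

func main() {
	// Connect to the server and perform the TLS handshake.
	conn, err := tls.Dial("tcp", "", "216.52.236.112:5680")
	if err != nil {
		// Dial failed, including a failed TLS handshake.
		log.Exitf("Error dialling : %s\n", err)
	}
	defer conn.Close()
	log.Printf("Connected.\n")
}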



In C, which is working well:

#include <stdio.h>
#include <openssl/ssl.h>
#include <sys/socket.h>
#include <arpa/inet.h>

int main() {
	int sock;
	int ssl_ret;
	struct sockaddr_in s_in;
	SSL* ssl_socket;
	SSL_CTX* ctx;

	int port = 0;
	const char* ip = "0.0.0.0";

	// Init SSL
	SSLeay_add_ssl_algorithms();
	if ((ctx = SSL_CTX_new(TLSv1_client_method())) == NULL) {
		fprintf(stderr, "error ssl_ctx init\n");
		return (1);
	}
	ssl_socket = SSL_new(ctx);

	// Connect to server
	sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
	s_in.sin_family = AF_INET;
	s_in.sin_port = htons(port);
	s_in.sin_addr.s_addr = inet_addr(ip);
	if (connect(sock, (struct sockaddr*)&s_in, sizeof(s_in)) < 0) {
		perror("connect");
		return (1);
	}

	// Link the socket to ssl
	if (SSL_set_fd(ssl_socket, sock) == 0) {
		fprintf(stderr, "set fd failed\n");
		return (1);
	}

	// Set SSL as client
	SSL_set_connect_state(ssl_socket);

	// Finalize the ssl connection
	ssl_ret = SSL_connect(ssl_socket);
	if (ssl_ret <= 0) {
		fprintf(stderr, "SSL Connection/handshake failed : %d\n",
			SSL_get_error(ssl_socket, ssl_ret));
		return (1);
	}

	printf("Connection established\n");
	return (0);
}

Sam Crawford

Dec 3, 2010, 9:39:18 AM
to creack, golang-nuts
Without knowing the error being returned it's hard to diagnose.

That said, I see that the certificate on your server is self-signed,
expired three years ago, and has "cn=test" rather than a hostname.

Is the error being returned "Bad certificate"?

Thanks,

Sam

Guillaume J. CHARMES

Dec 3, 2010, 9:43:35 AM
to Sam Crawford, golang-nuts
The error returned is "remote error: handshake failure"

I didn't find how to get more details.
--
Guillaume J. CHARMES

Anthony Martin

Dec 3, 2010, 11:36:23 AM
to Guillaume J. CHARMES, Sam Crawford, golang-nuts
The crypto/tls package only supports the
RSA_WITH_RC4_128_SHA cipher suite. Your
server doesn't accept it.

I have a pending CL to change this.

http://codereview.appspot.com/2747042

Anthony
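
Added example, not part of the thread: a cipher suite mismatch like the one described above, reproduced in-process so both sides of the failed handshake can be compared. It is written against the current crypto/tls API rather than the 2010 one in the question; the two ECDHE-ECDSA suites, the name test.invalid and the helpers selfSigned and probe are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned makes a throwaway certificate (constructed test data) and a pool trusting it.
func selfSigned() (tls.Certificate, *x509.CertPool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"test.invalid"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// probe handshakes over an in-memory pipe; offered is the ClientHello's cipher suite list.
func probe(clientSuites, serverSuites []uint16) (cErr, sErr error, offered []uint16) {
	cert, pool := selfSigned()
	srvCfg := &tls.Config{Certificates: []tls.Certificate{cert}, MaxVersion: tls.VersionTLS12,
		CipherSuites: serverSuites,
		GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
			offered = h.CipherSuites
			return nil, nil // nil config: keep using srvCfg
		}}
	cliCfg := &tls.Config{RootCAs: pool, ServerName: "test.invalid",
		MaxVersion: tls.VersionTLS12, CipherSuites: clientSuites}
	c, s := net.Pipe()
	done := make(chan error, 1)
	go func() { done <- tls.Server(s, srvCfg).Handshake() }()
	cErr = tls.Client(c, cliCfg).Handshake()
	sErr = <-done
	return
}

func main() {
	cErr, sErr, offered := probe([]uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
		[]uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384})
	fmt.Printf("client: %v\nserver: %v\noffered: %#04x\n", cErr, sErr, offered)
}
```

The client side only receives the generic handshake failure alert; the server-side error and the recorded ClientHello list are where the cause is visible, and tls.CipherSuiteName turns the IDs into names.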

Guillaume J. CHARMES

Dec 3, 2010, 11:37:30 AM
to Anthony Martin, Sam Crawford, golang-nuts
Thank you.
--
Guillaume J. CHARMES