python client cannot establish secure channel to golang server


feofilak...@gmail.com

Apr 12, 2017, 7:50:22 AM
to grpc.io
Here's the debug output on the client side:

I0412 10:46:59.688544966    7017 ssl_transport_security.c:193]      HANDSHAKE START -  before connect initialization  - CINIT 
I0412 10:46:59.688570093    7017 ssl_transport_security.c:193]                 LOOP -  before connect initialization  - CINIT 
I0412 10:46:59.688595043    7017 ssl_transport_security.c:193]                 LOOP -     SSLv3 write client hello A  - 3WCH_A
I0412 10:46:59.688601185    7017 ssl_transport_security.c:193]                 LOOP -               SSLv3 flush data  - 3FLUSH
E0412 10:46:59.693960702    7017 ssl_transport_security.c:947] Handshake failed with fatal error SSL_ERROR_SSL: error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE.
D0412 10:46:59.693989089    7017 security_handshaker.c:126]  Security handshake failed: {"created":"@1491994019.693982142","description":"Handshake failed","file":"src/core/lib/security/transport/security_handshaker.c","file_line":274,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
I0412 10:46:59.694031889    7017 subchannel.c:705]           Connect failed: {"created":"@1491994019.693982142","description":"Handshake failed","file":"src/core/lib/security/transport/security_handshaker.c","file_line":274,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
I0412 10:46:59.694041346    7017 subchannel.c:503]           Retry in 19.989529623 seconds

This appears in golang server logs:

grpc: Server.Serve failed to complete security handshake from "10.1.15.40:55196": tls: no cipher suite supported by both client and server

Maybe I should pass some options to the grpc.secure_channel() options kw-parameter? But I cannot find any list of available options...

feofilak...@gmail.com

Apr 12, 2017, 8:03:59 AM
to grpc.io, feofilak...@gmail.com
I finally got a workaround that helped me to solve this issue:

Run the following command on the client side:
export GRPC_SSL_CIPHER_SUITES=ECDHE-ECDSA-AES256-GCM-SHA384

Maybe there is another way to set the cipher, but this worked for me.
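Added example, not part of the original thread and not gRPC's own code: a standard-library Python check that expands an OpenSSL-format cipher string, such as the value given to GRPC_SSL_CIPHER_SUITES above, and lists the suites a server could select for a given certificate key type. It assumes the Go server presents an ECDSA certificate (the thread does not say so); `RSA_ONLY` is a constructed sample list, the helper names are hypothetical, and Python's `ssl` module uses the system OpenSSL rather than the TLS library bundled with gRPC.

```python
import re
import ssl

# Value from the workaround in the thread.
PAGE_FIX = "ECDHE-ECDSA-AES256-GCM-SHA384"
# Constructed sample: a client list with RSA-authenticated suites only.
RSA_ONLY = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"


def expand(cipher_string):
    """Expand an OpenSSL-format cipher string into a list of
    (IANA code point, OpenSSL name, certificate key type) tuples."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # ssl.SSLError if no suite matches
    suites = []
    for c in ctx.get_ciphers():
        if c["protocol"] == "TLSv1.3":
            continue  # Python lists TLS 1.3 suites regardless of the string
        auth = re.search(r"Au=(\S+)", c["description"]).group(1)
        suites.append((c["id"] & 0xFFFF, c["name"], auth))
    return suites


def negotiable(cipher_string, server_key_type):
    """Suites in the client's list that a server whose certificate key is
    server_key_type ("RSA" or "ECDSA") is able to select."""
    return [s for s in expand(cipher_string) if s[2] == server_key_type]


if __name__ == "__main__":
    for label, ciphers in (("RSA-only list", RSA_ONLY), ("workaround", PAGE_FIX)):
        hits = negotiable(ciphers, "ECDSA")  # assumed server key type
        print(label, "->", [f"0x{code:04X} {name}" for code, name, _ in hits]
              or "no cipher suite supported by both client and server")
```

The code point is the value of the matching Go crypto/tls constant (0xC02C is TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), so the client's list can be compared directly with a Go server's configuration.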