It looks like go (the client) is supporting SSLv3, one because of the
constant referring to v3 but secondly because the source does also list
functions specific to v3 (removePaddingSSL30).

Question 1: Is go supporting SSLv3?

Question 2: If go is not supporting SSLv3, why do I get the same (local)
error message when a remote server does not support TLSv1.2?

On 7 January 2014 16:38, James Bardin wrote:

Yes, but again, what are you asking?
This does not change the fact that the client does not support SSLv3
(granted, this should be better documented in the tls package).


On Tuesday, January 7, 2014 10:35:01 AM UTC-5, Paul van Brouwershaven
wrote:
The server www.google.com is accepting SSLv3, TLSv1, TLSv1.1 and TLSv1.2
as you can see in the openssl s_client tests below.

The crypto/tls manual has listed the constants for these same ssl/tls
versions:

const (
	VersionSSL30 = 0x0300
	VersionTLS10 = 0x0301
	VersionTLS11 = 0x0302
	VersionTLS12 = 0x0303
)

http://golang.org/pkg/crypto/tls/#pkg-constants

While the summary only lists that it partially implements TLS 1.2, as
specified in RFC 5246 but TLS 1.0 and 1.1 do currently also work fine for
me.

openssl s_client -ssl3 -host www.google.com -port 443

SSL-Session:
Protocol : SSLv3

openssl s_client -tls1 -host www.google.com -port 443

SSL-Session:
Protocol : TLSv1

openssl s_client -tls1_1 -host www.google.com -port 443

SSL-Session:
Protocol : TLSv1.1

openssl s_client -tls1_2 -host www.google.com -port 443

SSL-Session:
Protocol : TLSv1.2

On Tuesday, 7 January 2014 16:02:43 UTC+1, James Bardin wrote:



On Tuesday, January 7, 2014 9:49:19 AM UTC-5, Paul van Brouwershaven
wrote:
I see this same error for TLSv1.1 and 1.2 when the remote server
doesn't support this version.
Are you saying that you see this error when the remote server *does*
support TLSv1.1 or 1.2? If so, do you know any details about the server?
I've run into an unknown http frontend that is incorrectly negotiating down
to SSLv3 when TLSv1.1 or TLSv1.2 is offered by the client, even though it
supports TLSv1.0. Forcing TLSv1.0 on the client allows us to connect.


My tests with openssl and curl show that google.com is supporting
SSLv3. This would indicate that "local error" would indicate that GO
doesn't support SSLv3, but why can we instruct GO to force the usage of
SSLv3 then and why do I get the same error for 1.1 and 1.2 sometimes if it
would be a local error?
You can set the TLS versions to any uint16 values you want, but it's
not necessarily valid, and just because it compiles, doesn't mean it's not
a runtime error. You can't force the usage of SSLv3, because the client
doesn't support it.

--
You received this message because you are subscribed to a topic in the
Google Groups "golang-nuts" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/golang-nuts/FfsoDoMCBeM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
golang-nuts+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


--
Regards,

Paul van Brouwershaven

http://linkedin.com/in/pvanbrouwershaven
http://facebook.com/p.vanbrouwershaven
http://twitter.com/vanbroup
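
Added example, not part of the original thread and not Go's own code: a loopback test of the behaviour discussed above, showing that a version range with no overlap fails with an alert from the peer, while a version the client does not implement (0x0300) compiles but fails locally at run time. The helper name `negotiate`, the use of `net/http/httptest` in place of www.google.com, and the TLS 1.2/1.3 ranges are assumptions chosen so it runs offline on a current Go release.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// negotiate (hypothetical helper) starts a loopback TLS server limited to
// [srvMin, srvMax], dials it with a client limited to [cliMin, cliMax], and
// returns the negotiated protocol version or the client's handshake error.
func negotiate(srvMin, srvMax, cliMin, cliMax uint16) (uint16, error) {
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = &tls.Config{MinVersion: srvMin, MaxVersion: srvMax}
	srv.StartTLS()
	defer srv.Close()

	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate()) // trust only the test server's certificate
	conn, err := tls.Dial("tcp", srv.Listener.Addr().String(), &tls.Config{
		RootCAs:    pool,
		MinVersion: cliMin,
		MaxVersion: cliMax,
	})
	if err != nil {
		return 0, err
	}
	defer conn.Close()
	return conn.ConnectionState().Version, nil
}

func main() {
	// Overlapping ranges: the highest version both sides allow is chosen.
	v, err := negotiate(tls.VersionTLS12, tls.VersionTLS13, tls.VersionTLS12, tls.VersionTLS12)
	fmt.Printf("overlap:     version=%#04x err=%v\n", v, err)
	// No overlap: the server refuses and the client reports a remote alert.
	v, err = negotiate(tls.VersionTLS12, tls.VersionTLS12, tls.VersionTLS13, tls.VersionTLS13)
	fmt.Printf("no overlap:  version=%#04x err=%v\n", v, err)
	// 0x0300 (SSLv3) is a valid uint16, but the client rejects it at run time
	// before sending a ClientHello.
	v, err = negotiate(tls.VersionTLS12, tls.VersionTLS13, 0x0300, 0x0300)
	fmt.Printf("unsupported: version=%#04x err=%v\n", v, err)
}
```

The error text distinguishes the two failures: "remote error" means the peer sent the alert, anything else was raised by the local client.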


Discussion Overview
group: golang-nuts
categories: go
posted: Jan 7, '14 at 8:12a
active: Jan 7, '14 at 4:19p
posts: 12
users: 3
website: golang.org
