FAQ
The server www.google.com is accepting SSLv3, TLSv1, TLSv1.1 and TLSv1.2 as
you can see in the openssl s_client tests below.

The crypto/tls manual has listed the constants for these same ssl/tls
versions:

const (
         VersionSSL30 = 0x0300
         VersionTLS10 = 0x0301
         VersionTLS11 = 0x0302
         VersionTLS12 = 0x0303
)

http://golang.org/pkg/crypto/tls/#pkg-constants

While the summary only lists that it partially implements TLS 1.2, as
specified in RFC 5246 but TLS 1.0 and 1.1 do currently also work fine for
me.

s_client -ssl3 -host www.google.com -port 443

SSL-Session:
     Protocol : SSLv3

openssl s_client -tls1 -host www.google.com -port 443

SSL-Session:
     Protocol : TLSv1

openssl s_client -tls1_1 -host www.google.com -port 443

SSL-Session:
     Protocol : TLSv1.1

openssl s_client -tls1_2 -host www.google.com -port 443

SSL-Session:
     Protocol : TLSv1.2
On Tuesday, 7 January 2014 16:02:43 UTC+1, James Bardin wrote:


On Tuesday, January 7, 2014 9:49:19 AM UTC-5, Paul van Brouwershaven wrote:

I see this same error for TLSv1.1 and 1.2 when the remote server doesn't
support this version.
Are you saying that you see this error when the remote server *does*
support TLSv1.1 or 1.2? If so, do you know any details about the server?
I've run into an unknown http frontend that is incorrectly negotiating down
to SSLv3 when TLSv1.1 or TLSv1.2 is offered by the client, even thought it
supports TLSv1.0. Forcing TLSv1.0 on the client allows us to connect.


My tests with openssl and curl show that google.com is supporting SSLv3.
This would indicate that "local error" would indicate that GO doesn't
support SSLv3, but why can we instruct GO go force the usage of SSLv3 then
and why do I get the same error for 1.1 and 1.2 sometimes if it would be a
local error?
You can set the the TLS versions to any uint16 values you want, but it's
not necessarily valid, and just because it compiles, doesn't mean it's not
a runtime error. You're can't force the usage of SSLv3, because the client
doesn't support it.

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

Discussion Posts

Previous

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 6 of 12 | next ›
Discussion Overview
groupgolang-nuts @
categoriesgo
postedJan 7, '14 at 8:12a
activeJan 7, '14 at 4:19p
posts12
users3
websitegolang.org

People

Translate

site design / logo © 2021 Grokbase