The server www.google.com is accepting SSLv3, TLSv1, TLSv1.1 and TLSv1.2 as
you can see in the openssl s_client tests below.

The crypto/tls manual has listed the constants for these same ssl/tls

const (
         VersionSSL30 = 0x0300
         VersionTLS10 = 0x0301
         VersionTLS11 = 0x0302
         VersionTLS12 = 0x0303


While the summary only lists that it partially implements TLS 1.2, as
specified in RFC 5246 but TLS 1.0 and 1.1 do currently also work fine for

s_client -ssl3 -host www.google.com -port 443

     Protocol : SSLv3

openssl s_client -tls1 -host www.google.com -port 443

     Protocol : TLSv1

openssl s_client -tls1_1 -host www.google.com -port 443

     Protocol : TLSv1.1

openssl s_client -tls1_2 -host www.google.com -port 443

     Protocol : TLSv1.2
On Tuesday, 7 January 2014 16:02:43 UTC+1, James Bardin wrote:

On Tuesday, January 7, 2014 9:49:19 AM UTC-5, Paul van Brouwershaven wrote:

I see this same error for TLSv1.1 and 1.2 when the remote server doesn't
support this version.
Are you saying that you see this error when the remote server *does*
support TLSv1.1 or 1.2? If so, do you know any details about the server?
I've run into an unknown http frontend that is incorrectly negotiating down
to SSLv3 when TLSv1.1 or TLSv1.2 is offered by the client, even thought it
supports TLSv1.0. Forcing TLSv1.0 on the client allows us to connect.

My tests with openssl and curl show that google.com is supporting SSLv3.
This would indicate that "local error" would indicate that GO doesn't
support SSLv3, but why can we instruct GO go force the usage of SSLv3 then
and why do I get the same error for 1.1 and 1.2 sometimes if it would be a
local error?
You can set the the TLS versions to any uint16 values you want, but it's
not necessarily valid, and just because it compiles, doesn't mean it's not
a runtime error. You're can't force the usage of SSLv3, because the client
doesn't support it.

You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

Discussion Posts


Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 6 of 12 | next ›
Discussion Overview
groupgolang-nuts @
postedJan 7, '14 at 8:12a
activeJan 7, '14 at 4:19p



site design / logo © 2021 Grokbase