I am making a tcp connection to a server and it seems like I cannot get my
timeout to be respected. I'm connecting to multiple servers (different
companies/vendors) and only having trouble with one. Here is my connection
code


-------------
cert, err := tls.LoadX509KeyPair(settings+"certs/client.pem", settings+"certs/client.key")
if err != nil {
    log.Fatalf("Server load keys failure %s", err)
}

server, _ := reader.GetString(path, "server")
port, _ := reader.GetString(path, "port")

// InsecureSkipVerify: true turns off verification of the server certificate.
config := tls.Config{
    Certificates:       []tls.Certificate{cert},
    MinVersion:         tls.VersionTLS10,
    MaxVersion:         tls.VersionTLS12,
    InsecureSkipVerify: true,
}

s := time.Now()

// Timeout and Deadline both cover the TCP dial and the TLS handshake as a whole.
dialer := &net.Dialer{
    Timeout:  time.Duration(30) * time.Second,
    Deadline: s.Add(time.Duration(30) * time.Second),
}

conn, err := tls.DialWithDialer(dialer, "tcp", server+":"+port, &config)
if err != nil {
    // log.Fatal exits the process, so the return below never runs.
    log.Fatal("Client dial failed:", err)
    return nil, errors.New("Fail Dial")
}

-----------

When running this code, I receive the following after 5 seconds (notice my
timeout is 30 seconds)

Client dial failed: remote error: handshake failure.

Any insights on this? I've gone through the net connection code and it
appears that the handshake does not have any timeout code; rather, a ticker
is listening for the ok on a channel (from the handshake) and if it hits
the timer throws an error, so something is perhaps happening in the
handshake itself, but what I can't gather is what's going wrong in the
handshake then.

Also of note is this was working a week ago, so something on my connection
has changed, but I clearly need to address whatever is now creating the
issue.

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


  • James Bardin at Aug 14, 2014 at 2:24 pm

    On Thursday, August 14, 2014 9:41:10 AM UTC-4, ralf...@dnc.io wrote:

    > When running this code, I receive the following after 5 seconds (notice my
    > timeout is 30 seconds)
    >
    > Client dial failed: remote error: handshake failure.
    >
    > Any insights on this? I've gone through the net connection code and it
    > appears that the handshake does not have any timeout code; rather, a ticker
    > is listening for the ok on a channel (from the handshake) and if it hits
    > the timer throws an error, so something is perhaps happening in the
    > handshake itself, but what I can't gather is what's going wrong in the
    > handshake then.
    >
    > Also of note is this was working a week ago, so something on my connection
    > has changed, but I clearly need to address whatever is now creating the
    > issue.

    I don't think the Handshake is timing out; this is actually an error in the
    handshake process.

    Since it's a remote error, I would gather that the remote server no
    longer likes your client for whatever reason. Maybe try to force some
    different TLS versions and see what happens.

  • Ralfonso at Aug 14, 2014 at 3:42 pm
    Thanks James,

    It seems you are correct. I tried the following two configs.

    This one did not work either; I thought maybe opening it up a bit more
    would have helped.

        config := tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionSSL30,
            MaxVersion: tls.VersionTLS12, InsecureSkipVerify: true}

    This one did work, so forcing it to use one version did the trick.

        config := tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS10,
            MaxVersion: tls.VersionTLS10, InsecureSkipVerify: true}

    2 observations. 1) this was working, last week this client had no issue
    connecting with code as in my original post 2) I would have thought that the tls
    package would have negotiated the correct version to use? Perhaps a bug?

    Thanks,

    Rob
  • James Bardin at Aug 14, 2014 at 3:59 pm

    On Thursday, August 14, 2014 11:42:01 AM UTC-4, ralf...@dnc.io wrote:

    > 2 observations. 1) this was working, last week this client had no issue
    > connecting with code as in my original post 2) I would have thought that the tls
    > package would have negotiated the correct version to use? Perhaps a bug?

    Unless you recently upgraded the client build, it has to be a change on the
    servers.

    I've seen a number of servers with faulty negotiation, where they fall back
    to SSLv3 for some reason when presented with a higher TLS version (the Go
    client doesn't support SSLv3). The only way to work around these broken
    servers is to only present the version that both parties support.

    Try connecting with another TLS1.2 capable client and see how it
    negotiates. (`curl -v -1 ...` should do it)

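
An added example (not code from the thread or from the Go project): it offers exactly one TLS version per attempt, as suggested in the replies, and separates an alert sent by the peer ("remote error") from a failure on the client side. The in-memory TLS 1.2-only server, the name `probe.test` and the helper names `probe` and `pair` are constructed for illustration; the client trusts the test certificate through `RootCAs` instead of setting `InsecureSkipVerify`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// probe offers only version v (the thread's workaround) and classifies the outcome.
func probe(client, server *tls.Config, v uint16) string {
	cfg := client.Clone()
	cfg.MinVersion, cfg.MaxVersion = v, v
	c, s := net.Pipe() // in-memory transport standing in for the TCP connection
	defer c.Close()
	go func() { tls.Server(s, server).Handshake(); s.Close() }()
	c.SetDeadline(time.Now().Add(2 * time.Second)) // bounds the handshake itself
	err := tls.Client(c, cfg).Handshake()
	var op *net.OpError
	if err == nil {
		return "ok"
	} else if errors.As(err, &op) && op.Op == "remote error" { // alert sent by the peer
		return "remote alert"
	}
	return "local error"
}

// pair builds a constructed TLS 1.2-only server and a client trusting its self-signed cert.
func pair() (client, server *tls.Config) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"probe.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	server = &tls.Config{MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	return &tls.Config{RootCAs: pool, ServerName: "probe.test"}, server
}

func main() {
	client, server := pair()
	fmt.Println(probe(client, server, tls.VersionTLS10), "/", probe(client, server, tls.VersionTLS12))
}
```

A "remote alert" result arrives as soon as the peer answers, which is why the failure in the thread showed up after 5 seconds rather than at the 30-second deadline.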

Discussion Overview
group: golang-nuts
categories: go
posted: Aug 14, '14 at 2:11p
active: Aug 14, '14 at 3:59p
posts: 4
users: 2
website: golang.org