HttpClient https request cipher

xuanbao · · 1311 次点击    
这是一个分享于 的资源,其中的信息可能已经有所发展或是发生改变。
<p>I got some problems with doing http requests to a Https website. Most of the times I get a handshake failure. I think this is a problem that the standard TLS cipher isn&#39;t supported by the target website.</p> <p>Soooo I found a way to check what ciphers the target website supports with &#34;nmap&#34;. Then I manually set a cipher and it works.</p> <p>My question is: Isn&#39;t there a way to automatically let Go set the supported cipher to make the request?</p> <p>In Node.JS I have no problems to create a request. I don&#39;t have to set extra stuff.</p> <hr/>**评论:**<br/><br/>nhooyr: <pre><p>post your code.</p></pre>taushif: <pre><p>oops I accidentally placed a comment instead of a reply.</p></pre>taushif: <pre><p>a simple:</p> <pre><code>uri := &#34;https://example.com&#34; hc := &amp;http.Client{} // transport with skipverify doesn&#39;t work either req, err = http.NewRequest(method, uri, strings.NewReader(form.Encode())) response, err := hc.Do(req) // handshake error contents, err := ioutil.ReadAll(response.Body) </code></pre> <p>It works if I do this:</p> <pre><code> mTLSConfig := &amp;tls.Config{ CipherSuites: []uint16{ tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, }, } mTLSConfig.PreferServerCipherSuites = true mTLSConfig.MinVersion = tls.VersionTLS10 mTLSConfig.MaxVersion = tls.VersionTLS10 tr := &amp;http.Transport{ TLSClientConfig: mTLSConfig, } hc := &amp;http.Client{Transport: tr} </code></pre> <p>So basically I checked what cipher the website supports and put that cipher manually in the transport. </p></pre>njpatel: <pre><p>I ran your example on my machine (ubuntu 14.04) and had no problems, could it be an issue with your system?</p> <p>Here&#39;s a screenshot of the output: <a href="http://i.imgur.com/a3aJhDM.png" rel="nofollow">http://i.imgur.com/a3aJhDM.png</a></p> <p>Edit: This is go 1.5.1 linux/amd64</p></pre>taushif: <pre><p>Some websites work because they use standard ciphers. But I had a problem with &#34;<a href="https://api.copernica.com" rel="nofollow">https://api.copernica.com</a>&#34; and mailgun also gives problems.</p></pre>njpatel: <pre><blockquote> <p><a href="https://api.copernica.com" rel="nofollow">https://api.copernica.com</a></p> </blockquote> <p>Fwiw, both those work for me as well.</p></pre>nhooyr: <pre><p>By default go uses all ciphers so I am not really sure what is wrong, try reinstalling go.</p></pre>

入群交流(和以上内容无关):加入Go大咖交流群,或添加微信:liuxiaoyan-s 备注:入群;或加QQ群:692541889

1311 次点击  
加入收藏 微博
0 回复
暂无回复
添加一条新回复 (您需要 登录 后才能回复 没有账号 ?)
  • 请尽量让自己的回复能够对别人有帮助
  • 支持 Markdown 格式, **粗体**、~~删除线~~、`单行代码`
  • 支持 @ 本站用户;支持表情(输入 : 提示),见 Emoji cheat sheet
  • 图片支持拖拽、截图粘贴等方式上传