TLS Handshake Error

agolangf · 2016-05-06 21:35:31 · 6600 views

I'm attempting to explicitly execute a TLS Handshake (i.e. StartTLS) and when doing so receive a version mismatch error.

What would cause tls.Handshake() to error with "received record with version 502 when expecting version 303"?

I'm not sure where to find or how to control the versions in this context. I see the logic checking the versions in conn.go

    if c.haveVers && vers != c.vers {
        c.sendAlert(alertProtocolVersion)
        msg := fmt.Sprintf("received record with version %x when expecting version %x", vers, c.vers)
        return c.in.setErrorLocked(c.newRecordHeaderError(msg))
    }

but am uncertain how to find and/or specify versions that would match and allow a successful handshake.


Comments:

alexwhoizzle:

Looking at RFC4642 (https://tools.ietf.org/html/rfc4642) it says:

2.2. STARTTLS Command

2.2.1. Usage

This command MUST NOT be pipelined.

Syntax STARTTLS

Responses

  382 Continue with TLS negotiation
  502 Command unavailable [1]
  580 Can not initiate TLS negotiation

[1] If a TLS layer is already active, or if authentication has occurred, STARTTLS is not a valid command (see Section 2.2.2).

...

A server MUST NOT return the STARTTLS capability label in response to a CAPABILITIES command received after a TLS handshake has completed, and a server MUST respond with a 502 response code if a STARTTLS command is received while a TLS session is already active.

It seems like you are trying to handshake on a TLS connection that has already been established. Make sure that you check the server's capabilities response before you call STARTTLS.

Rabarar:

Thanks! I think that's it - an implicit read call invoked a handshake and it's already occurred.

Thanks again for the insights!!
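
An added example, not code from the thread or from the Go standard library: one way to follow the advice above is to keep the whole RFC 4642 exchange on the raw connection, send STARTTLS only if CAPABILITIES advertises it, and start the TLS handshake only after a 382 reply. The names negotiateSTARTTLS and replay are hypothetical, the server replies are constructed sample data, and the check for bytes buffered behind the 382 line goes beyond what the thread discusses.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"net/textproto"
	"strings"
)

// negotiateSTARTTLS runs the plaintext half of RFC 4642 on the raw connection.
func negotiateSTARTTLS(conn io.ReadWriter) error {
	r := textproto.NewReader(bufio.NewReader(conn))
	if _, _, err := r.ReadCodeLine(2); err != nil { // 200/201 greeting
		return fmt.Errorf("greeting: %w", err)
	}
	fmt.Fprint(conn, "CAPABILITIES\r\n") // a failed write surfaces at the next read
	if _, _, err := r.ReadCodeLine(101); err != nil {
		return fmt.Errorf("CAPABILITIES: %w", err)
	}
	caps, _ := r.ReadDotLines() // a truncated list fails at the next read
	offered := false
	for _, c := range caps {
		offered = offered || strings.EqualFold(strings.TrimSpace(c), "STARTTLS")
	}
	if !offered { // TLS already active, already authenticated, or unsupported
		return errors.New("STARTTLS not advertised, not sending it")
	}
	fmt.Fprint(conn, "STARTTLS\r\n")
	if _, _, err := r.ReadCodeLine(382); err != nil { // e.g. 502 or 580
		return fmt.Errorf("STARTTLS refused: %w", err)
	}
	if r.R.Buffered() > 0 { // plaintext queued behind 382 must not be processed
		return errors.New("unexpected data after 382")
	}
	return nil // caller may now run tls.Client(conn, cfg).Handshake(), once
}

// replay is a constructed stand-in for a server: canned replies in, commands out.
type replay struct {
	io.Reader
	io.Writer
}

func main() {
	s := "200 ready\r\n101 Capability list:\r\nVERSION 2\r\nSTARTTLS\r\n.\r\n502 Command unavailable\r\n"
	fmt.Println(negotiateSTARTTLS(replay{strings.NewReader(s), io.Discard}))
}
```

With a real server, pass the net.Conn returned by net.Dial and wrap that same connection with tls.Client only after the function returns nil.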

