TLS Handshake Error

agolangf · · 6531 次点击    
这是一个分享于 的资源,其中的信息可能已经有所发展或是发生改变。
<p>I&#39;m attempting to explicitly execute a TLS Handshake (i.e. StartTLS) and when doing so receive a version mismatch error.</p> <p>what would cause tls.Handshake() to error with <code> received record with version 502 when expecting version 303 </code></p> <p>I&#39;m not sure where to find or how to control the versions in this context. I see the logic checking the versions in conn.go</p> <pre><code>if c.haveVers &amp;&amp; vers != c.vers { 588 c.sendAlert(alertProtocolVersion) 589 msg := fmt.Sprintf(&#34;received record with version %x when expecting version %x&#34;, vers, c.vers) 590 return c.in.setErrorLocked(c.newRecordHeaderError(msg)) 591 } </code></pre> <p>but am uncertain how to find and or specify versions that would match and allow a successful handshake.</p> <hr/>**评论:**<br/><br/>alexwhoizzle: <pre><p>Looking at RFC4642 (<a href="https://tools.ietf.org/html/rfc4642" rel="nofollow">https://tools.ietf.org/html/rfc4642</a>) it says:</p> <blockquote> <p>2.2. STARTTLS Command</p> <p>2.2.1. Usage</p> <p>This command MUST NOT be pipelined.</p> <p>Syntax STARTTLS</p> <p>Responses</p> <pre><code> 382 Continue with TLS negotiation 502 Command unavailable [1] 580 Can not initiate TLS negotiation </code></pre> <p>[1] If a TLS layer is already active, or if authentication has occurred, STARTTLS is not a valid command (see Section 2.2.2).</p> </blockquote> <p>...</p> <blockquote> <p>A server MUST NOT return the STARTTLS capability label in response to a CAPABILITIES command received after a TLS handshake has completed, and a server MUST respond with a 502 response code if a STARTTLS command is received while a TLS session is already active.</p> </blockquote> <p>It seems like you are trying to handshake on TLS connection that has already been established. Make sure that you check the server&#39;s capabilities response before you call STARTTLS. </p></pre>Rabarar: <pre><p>Thanks! I think that&#39;s it - an implicit read call invoked a handshake and it&#39;s already occurred.</p> <p>Thanks again for the insights!!</p></pre>

入群交流(和以上内容无关):加入Go大咖交流群,或添加微信:liuxiaoyan-s 备注:入群;或加QQ群:692541889

6531 次点击  
加入收藏 微博
0 回复
暂无回复
添加一条新回复 (您需要 登录 后才能回复 没有账号 ?)
  • 请尽量让自己的回复能够对别人有帮助
  • 支持 Markdown 格式, **粗体**、~~删除线~~、`单行代码`
  • 支持 @ 本站用户;支持表情(输入 : 提示),见 Emoji cheat sheet
  • 图片支持拖拽、截图粘贴等方式上传