I'm attempting to explicitly execute a TLS Handshake (i.e. StartTLS) and when doing so receive a version mismatch error.
what would cause tls.Handshake() to error with
received record with version 502 when expecting version 303
I'm not sure where to find or how to control the versions in this context. I see the logic checking the versions in conn.go
if c.haveVers && vers != c.vers {
588 c.sendAlert(alertProtocolVersion)
589 msg := fmt.Sprintf("received record with version %x when expecting version %x", vers, c.vers)
590 return c.in.setErrorLocked(c.newRecordHeaderError(msg))
591 }
but am uncertain how to find and or specify versions that would match and allow a successful handshake.
评论:
alexwhoizzle:
Rabarar:Looking at RFC4642 (https://tools.ietf.org/html/rfc4642) it says:
2.2. STARTTLS Command
2.2.1. Usage
This command MUST NOT be pipelined.
Syntax STARTTLS
Responses
382 Continue with TLS negotiation 502 Command unavailable [1] 580 Can not initiate TLS negotiation
[1] If a TLS layer is already active, or if authentication has occurred, STARTTLS is not a valid command (see Section 2.2.2).
...
A server MUST NOT return the STARTTLS capability label in response to a CAPABILITIES command received after a TLS handshake has completed, and a server MUST respond with a 502 response code if a STARTTLS command is received while a TLS session is already active.
It seems like you are trying to handshake on TLS connection that has already been established. Make sure that you check the server's capabilities response before you call STARTTLS.
Thanks! I think that's it - an implicit read call invoked a handshake and it's already occurred.
Thanks again for the insights!!