英文:
Does golang TLS support IE8?
问题
最新的Chrome/IE9/Firefox都可以正常工作。IE8报错说页面无法显示,看起来连接被中止了。下面是快速测试代码。
<!-- language: lang-go -->
package main
import (
"time"
"fmt"
"net/http"
)
type Handler struct {
}
func (this *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello, %q", r.URL.Path)
}
func main() {
handler := &Handler{}
ss := &http.Server{
Addr: ":443",
Handler: handler,
ReadTimeout: 10 * time.Second,
WriteTimeout: 10 * time.Second,
MaxHeaderBytes: 1 << 20,
}
ss.ListenAndServeTLS("cert.pem", "key.pem")
}
注意,"cert.pem"和"key.pem"是由"crypto/tls/generate_cert.go"生成的。我尝试了一个真实的证书,也没有起作用。
英文:
Latest Chrome/IE9/Firefox all work fine. IE8 complains that the page cannot be shown and it looks like that the connection is aborted. Here goes the quick test code.
<!-- language: lang-go -->
package main
import (
"time"
"fmt"
"net/http"
)
type Handler struct {
}
func (this *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello, %q", r.URL.Path)
}
func main() {
handler := &Handler{}
ss := &http.Server{
Addr: ":443",
Handler: handler,
ReadTimeout: 10 * time.Second,
WriteTimeout: 10 * time.Second,
MaxHeaderBytes: 1 << 20,
}
ss.ListenAndServeTLS("cert.pem", "key.pem")
}
Note that "cert.pem" and "key.pem" are generated by "crypto/tls/generate_cert.go". I tried a real certificate, and it did not work either.
答案1
得分: 1
TLS是一种标准,所以不存在“IE8的TLS”之类的东西。
我猜问题可能是IE8不信任您(可能是自签名的)证书。所以我认为您可以在这个SO线程中找到答案。
您也可以拥有一个正确签名的证书,但运行IE8的计算机上的证书存储没有导入您的CA证书(或者如果您的证书是由下级CA签名的,则是整个信任链)。在这种情况下,您应该做的就是获取您的CA证书(或者整个CA链,如果有的话)并将其导入到客户端机器上。
英文:
TLS is a standard, so there's no such thing as "TLS of IE8" or something like this.
I suppose the problem is that IE8 does not trust your (supposedly self-signed) certificate. So I think you could find an answer in this thread here on SO.
You can also have a properly signed certificate but the certificate storage on the computer running this IE8 instance does not have the certificate of your CA (or the whole trust chain of certificates if your certificate has been signed by a subordinate CA) imported and hence trusted. In that case you should do exactly that — get the certificate of your CA (or the whole chain of CAs, if any) and import it on the client machine.
答案2
得分: 0
这个问题可以通过这个补丁解决,“0001-Allow-SSLv2-compatible-client-hello-so-SSLv2-compati.patch”,在这个问题中:http://code.google.com/p/go/issues/detail?id=3930。
然而,这个修订版本,http://code.google.com/p/go/source/detail?r=8048fe8f6f4b,并没有解决这个问题。
英文:
moved from question as OP didn't made a proper answer
This problem can be resolved by this patch, "0001-Allow-SSLv2-compatible-client-hello-so-SSLv2-compati.patch", in issue http://code.google.com/p/go/issues/detail?id=3930.
This revision, http://code.google.com/p/go/source/detail?r=8048fe8f6f4b, however, does not solve the problem.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论