Golang的TLS支持IE8吗?

huangapple go评论88阅读模式
英文:

Does golang TLS support IE8?

问题

最新的Chrome/IE9/Firefox都可以正常工作。IE8报错说页面无法显示,看起来连接被中止了。下面是快速测试代码。

<!-- language: lang-go -->

package main

import (
    "time"
    "fmt"
    "net/http"
)

type Handler struct {
}

func (this *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
    fmt.Fprintf(w, "Hello, %q", r.URL.Path)
}

func main() {
    handler := &Handler{}
    ss := &http.Server{
        Addr: ":443",
        Handler: handler,
        ReadTimeout: 10 * time.Second,
        WriteTimeout: 10 * time.Second,
        MaxHeaderBytes: 1 << 20,
    }
    ss.ListenAndServeTLS("cert.pem", "key.pem")
}

注意,"cert.pem"和"key.pem"是由"crypto/tls/generate_cert.go"生成的。我尝试了一个真实的证书,也没有起作用。

英文:

Latest Chrome/IE9/Firefox all work fine. IE8 complains that the page cannot be shown and it looks like that the connection is aborted. Here goes the quick test code.

<!-- language: lang-go -->

package main

import (
    &quot;time&quot;
    &quot;fmt&quot;
    &quot;net/http&quot;
)

type Handler struct {
}

func (this *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
    fmt.Fprintf(w, &quot;Hello, %q&quot;, r.URL.Path)
}

func main() {
    handler := &amp;Handler{}
    ss := &amp;http.Server{
        Addr: &quot;:443&quot;,
        Handler: handler,
        ReadTimeout: 10 * time.Second,
        WriteTimeout: 10 * time.Second,
        MaxHeaderBytes: 1 &lt;&lt; 20,
    }
    ss.ListenAndServeTLS(&quot;cert.pem&quot;, &quot;key.pem&quot;)
}

Note that "cert.pem" and "key.pem" are generated by "crypto/tls/generate_cert.go". I tried a real certificate, and it did not work either.

答案1

得分: 1

TLS是一种标准,所以不存在“IE8的TLS”之类的东西。

我猜问题可能是IE8不信任您(可能是自签名的)证书。所以我认为您可以在这个SO线程中找到答案。

您也可以拥有一个正确签名的证书,但运行IE8的计算机上的证书存储没有导入您的CA证书(或者如果您的证书是由下级CA签名的,则是整个信任链)。在这种情况下,您应该做的就是获取您的CA证书(或者整个CA链,如果有的话)并将其导入到客户端机器上。

英文:

TLS is a standard, so there's no such thing as "TLS of IE8" or something like this.

I suppose the problem is that IE8 does not trust your (supposedly self-signed) certificate. So I think you could find an answer in this thread here on SO.

You can also have a properly signed certificate but the certificate storage on the computer running this IE8 instance does not have the certificate of your CA (or the whole trust chain of certificates if your certificate has been signed by a subordinate CA) imported and hence trusted. In that case you should do exactly that &mdash; get the certificate of your CA (or the whole chain of CAs, if any) and import it on the client machine.

答案2

得分: 0

这个问题可以通过这个补丁解决,“0001-Allow-SSLv2-compatible-client-hello-so-SSLv2-compati.patch”,在这个问题中:http://code.google.com/p/go/issues/detail?id=3930。

然而,这个修订版本,http://code.google.com/p/go/source/detail?r=8048fe8f6f4b,并没有解决这个问题。

英文:

moved from question as OP didn't made a proper answer

This problem can be resolved by this patch, "0001-Allow-SSLv2-compatible-client-hello-so-SSLv2-compati.patch", in issue http://code.google.com/p/go/issues/detail?id=3930.

This revision, http://code.google.com/p/go/source/detail?r=8048fe8f6f4b, however, does not solve the problem.

huangapple
  • 本文由 发表于 2012年9月28日 23:11:39
  • 转载请务必保留本文链接:https://go.coder-hub.com/12642689.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定