Golang http client handshake failure

Question

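Trying to get a webpage:

    package main

    import (
        "log"
        "net/http"
        "time"
    )

    func main() {
        // Default TLS settings: no TLSClientConfig, so Go's default cipher list is offered.
        tr := &http.Transport{
            TLSHandshakeTimeout: 30 * time.Second,
            DisableKeepAlives:   true,
        }

        client := &http.Client{Transport: tr}

        req, err := http.NewRequest("GET", "https://www.fl.ru/", nil)
        if err != nil {
            log.Fatalf("%s\n", err)
        }

        // The handshake error is reported here.
        resp, err := client.Do(req)
        if err != nil {
            log.Fatalf("%s\n", err)
        }
        defer resp.Body.Close()
    }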

Get https://www.fl.ru/: remote error: handshake failure.

If I try to get another HTTPS page - all is OK.

Answer 1

Score: 7

That server only supports a few, weak ciphers:

    TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS   WEAK
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS   WEAK
    TLS_RSA_WITH_RC4_128_SHA (0x5)   WEAK

If you really must connect to that server, Go does support the last cipher in the list, but not by default. Create a client with a new tls.Config specifying the cipher you want:

    t := &http.Transport{
        Proxy: http.ProxyFromEnvironment,
        Dial: (&net.Dialer{
            Timeout:   30 * time.Second,
            KeepAlive: 30 * time.Second,
        }).Dial,
        TLSHandshakeTimeout: 10 * time.Second,
        TLSClientConfig: &tls.Config{
            // Offer only the last cipher from the server's list; Go does not enable it by default.
            CipherSuites: []uint16{tls.TLS_RSA_WITH_RC4_128_SHA},
        },
    }
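The mismatch described in this answer can be reproduced offline, as an added example that is not part of the original answer: a loopback `httptest` server (a constructed stand-in for the legacy host) accepts only `TLS_RSA_WITH_RC4_128_SHA`, a default client gets the same handshake failure, and a client whose single transport opts into that suite connects with certificate verification still on. The names `legacySuites`, `newLegacyServer` and `fetch` are hypothetical.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Same single suite the answer opts into; crypto/tls leaves it off by default.
var legacySuites = []uint16{tls.TLS_RSA_WITH_RC4_128_SHA}

// newLegacyServer starts a loopback test server (constructed stand-in for the
// legacy host) that accepts only that suite, capped at TLS 1.2.
func newLegacyServer() *httptest.Server {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, "ok") }))
	srv.TLS = &tls.Config{CipherSuites: legacySuites, MaxVersion: tls.VersionTLS12}
	srv.StartTLS()
	return srv
}

// fetch GETs srv with certificate verification on. A nil suites slice means
// Go's default cipher list. It returns the negotiated suite name.
func fetch(srv *httptest.Server, suites []uint16) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	client := &http.Client{Transport: &http.Transport{
		DisableKeepAlives: true,
		TLSClientConfig:   &tls.Config{RootCAs: pool, CipherSuites: suites},
	}}
	resp, err := client.Get(srv.URL)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	return tls.CipherSuiteName(resp.TLS.CipherSuite), nil
}

func main() {
	srv := newLegacyServer()
	defer srv.Close()
	_, err := fetch(srv, nil)
	fmt.Println("default client:", err)
	name, err := fetch(srv, legacySuites)
	fmt.Println("opt-in client: ", name, err)
}
```

Keeping the weak suite on a dedicated transport, as here, leaves every other client in the program on Go's default cipher list.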

huangapple
  • Posted on September 11, 2015, 20:26:52
  • When reposting, please keep the link to this article: https://go.coder-hub.com/32523521.html