Golang – TLS握手错误

huangapple go评论96阅读模式
英文:

Golang - TLS handshake error

问题

我正在使用Go语言运行一个https web服务器。我正在使用一个Angular web应用程序(Chrome浏览器)对其进行测试,该应用程序通过ajax调用与web服务器通信。

如果我持续不断地访问web服务器,一切似乎都正常。但是,每当我让它空闲一段时间然后再访问web服务器时,浏览器的ajax调用就无法得到响应。几乎每次我在服务器日志中都会看到这行日志:

2016/01/16 04:06:47.006977 http: TLS handshake error from 42.21.139.47:51463: EOF

我可以确认这个IP地址是我的IP地址。

我是这样启动我的https服务器的:

r := mux.NewRouter()
r.HandleFunc("/status", handleStatus)
setUpLoginEndpoint(&cfg.Session, r)
setUpLogoutEndpoint(cfg.Session.CookieName, r)
setUpChangePasswordEndpoint(cfg.Session.CookieName, r)
setUpMetricSinkEndpoint(cfg.Metric.SinkApiKey, r)
setUpMetricQueryEndpoint(cfg.Session.CookieName, r)
http.ListenAndServeTLS(":443", "../cert.pem", "../keys.pem", &Server{r})

我可以确认在每个处理程序中都使用defer r.Body.Close()来关闭请求体。

我正在使用Go 1.5.2版本。

任何帮助将不胜感激。

祝好,

Sathya

英文:

I am running a https web server in go. I am testing it using a angular web app (Chrome browser) that makes ajax calls to the web server.

If I keep hitting the web server continuously everything seems working. But whenever I leave it idle for sometime and hit the web server the ajax call from browser doesn't get a response. Almost always I see this log line in my server log.

2016/01/16 04:06:47.006977 http: TLS handshake error from 42.21.139.47:51463: EOF

I can confirm that the IP address is my IP address.

I am starting my https server like this:

r := mux.NewRouter()
r.HandleFunc("/status", handleStatus)
setUpLoginEndpoint(&cfg.Session, r)
setUpLogoutEndpoint(cfg.Session.CookieName, r)
setUpChangePasswordEndpoint(cfg.Session.CookieName, r)
setUpMetricSinkEndpoint(cfg.Metric.SinkApiKey, r)
setUpMetricQueryEndpoint(cfg.Session.CookieName, r)
http.ListenAndServeTLS(":443", "../cert.pem", "../keys.pem", &Server{r})

I can confirm that I am closing the request body in every handler using defer r.Body.Close().

I am using go 1.5.2.

Any help would be appreciated.

Regards,

Sathya

答案1

得分: 10

我启用了TCP keepalive,并解决了这个问题。我在Google计算引擎中运行我的虚拟机,可能是防火墙终止了空闲连接。

TCP Keep alive

在Linux中配置TCP keep alive

Golang的HTTP服务器会自动识别这一点,所以我的Golang代码不需要进行任何更改。

谢谢,

Sathya

英文:

I enabled tcp keepalive and this problem got solved. I was running my VM in google compute engine and probably the firewall terminated idle connections.

TCP Keep alive

Configuring tcp keep alive in linux

Golang http server automatically picked this up, so no change was required in my golang code.

Regards,

Sathya

答案2

得分: 1

我遇到了与 OP 相同的错误,但在我的情况下,我指定的 TLSHandshakeTimeout 值太低了。我不确定适当的值是多少,但将其从 100ms 调整为 700ms 可以消除错误。对于其他遇到相同错误并在其 http.Client 设置中指定非默认 http.Transport 配置值的用户,您可能需要确保您的 TLSHandshakeTimeout 设置为足够高的值。

&http.Client{
  Transport: &http.Transport{
    TLSHandshakeTimeout:   700 * time.Millisecond, // <-- 当我将其设置为 100ms 时,我遇到了 OP 的错误
  }
}
英文:

I was receiving the same error as OP, but in my case the TLSHandshakeTimeout value I was specifying was too low. I'm not sure what an appropriate value is but moving it to 700ms from 100ms eliminated the error for me. For others experiencing the same error and who are specifying non-default http.Transport config values in their http.Client setup, you might want to make sure your TLSHandshakeTimeout is set to a high enough value.

&amp;http.Client{
  Transport: &amp;http.Transport{
    TLSHandshakeTimeout:   700 * time.Millisecond, //&lt;-- I was receiving OP&#39;s error when I had this set to 100ms
  }
}

huangapple
  • 本文由 发表于 2016年1月16日 13:07:31
  • 转载请务必保留本文链接:https://go.coder-hub.com/34823724.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定