tls: 收到长度为XXXXX的超大记录

huangapple go评论89阅读模式
英文:

tls: oversized record received with length XXXXX

问题

我使用内置的标准SSL套接字客户端库(net + crypto/tls)的方式如下:

conn, err := net.Dial("tcp", "exploit.im:5222")
//...
config := tls.Config{InsecureSkipVerify: true}
tls_conn := tls.Client(conn, &config)
fmt.Println(tls_conn.Handshake())

我收到以下消息:

conn, err := net.Dial("tcp", "exploit.im:5222")

我设法找出它与默认的最大数据包大小有关(在common.go的第31行设置为16384 + 2048)。是否有任何标准的解决方法(而不需要修补此值并重新构建库)?

英文:

I use the built-in standard SSL socket client library (net + crypto/tls) like this:

conn, err := net.Dial("tcp", "exploit.im:5222")
//...
config := tls.Config{InsecureSkipVerify: true}
tls_conn := tls.Client(conn, &config)
fmt.Println(tls_conn.Handshake())

And am getting the message:

> conn, err := net.Dial("tcp", "exploit.im:5222")

I managed to find out it is somehow related to the default maximum packet size (16384 + 2048 set in common.go:31). Is there any standard work around (without patching this value & rebuilding the lib)?

答案1

得分: 3

如果您尝试与不回复 SSL 的对等方进行 SSL 握手,就会收到这种消息。在这种情况下,可能是某个 XMPP 服务器,并且在使用 XMPP 之前,您首先需要进行一些明文握手,然后再开始 SSL。试图直接启动 SSL 将导致将服务器的明文响应解释为 SSL 帧,从而可能导致出现此类奇怪的错误消息。

英文:

You get this kind of messages if you try to do a SSL handshake with a peer which does not reply with SSL. In this case it is probably some XMPP server and with XMPP you first have some clear text handshake before you start with SSL. Trying to start directly with SSL will result in interpreting the servers clear text response as an SSL frame which can result in strange error messages like this.

huangapple
  • 本文由 发表于 2016年3月18日 06:57:42
  • 转载请务必保留本文链接:https://go.coder-hub.com/36073179.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定