Why is the MinVersion flag being ignored in my Go code?

Question

I'm trying to debug a failing connection to a given host. I've recorded packet captures for successful requests made to this host via the browser, as well as unsuccessful requests made via my Go code below:

package main

import (
        "crypto/tls"
        "log"
)

func main() {
        log.SetFlags(log.Lshortfile)

        conf := &tls.Config{
                //InsecureSkipVerify: true,
                MinVersion: tls.VersionTLS13,
                MaxVersion: tls.VersionTLS13,
        }


        conn, err := tls.Dial("tcp", "x.x.x.x:443", conf)
        if err != nil {
                log.Println(err)
                return
        }
        defer conn.Close()

        n, err := conn.Write([]byte("hello\n"))
        if err != nil {
                log.Println(n, err)
                return
        }

        buf := make([]byte, 100)
        n, err = conn.Read(buf)
        if err != nil {
                log.Println(n, err)
                return
        }

        println(string(buf[:n]))
}

After inspecting the Client Hello packet in both the successful and unsuccessful requests, I've noticed that successful requests use TLSv1.3 versus unsuccessful requests, which use TLSv1.2.

My code above specifies that I only want to use TLSv1.3 in my request, but for whatever reason the request still attempts to use TLSv1.2. I've tried consulting various example HTTP clients written in Go, and have confirmed that I'm using the correct syntax. Any ideas what I'm doing wrong here?

Answer 1

Score: 0

A TLS 1.3 handshake also begins with a TLS 1.2 Client Hello.

If we specify TLS 1.3 in Go code, the supported_versions extension contains only one entry, TLS 1.3.

If the server does not support TLS 1.3, or for any other reason the connection fails in the handshake phase, it would look like a failed TLS 1.2 connection.
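
The behaviour described in the answer can be checked offline. The following is an added example, not part of the original question or answer: it captures the ClientHello that crypto/tls emits over an in-memory net.Pipe and parses out the legacy_version field and the supported_versions extension. The function name clientHelloVersions and the server name example.test are assumptions made for the illustration.

```go
package main

import (
	"crypto/tls"
	"encoding/binary"
	"fmt"
	"io"
	"net"
)

// clientHelloVersions returns legacy_version and supported_versions from the ClientHello crypto/tls sends for conf.
func clientHelloVersions(conf *tls.Config) (legacy uint16, supported []uint16, err error) {
	cli, srv := net.Pipe() // in-memory connection, nothing leaves the process
	defer srv.Close()
	go tls.Client(cli, conf).Handshake() // fails once srv closes; error ignored
	hdr := make([]byte, 5)               // record header: type(1) version(2) length(2)
	if _, err = io.ReadFull(srv, hdr); err != nil {
		return
	}
	b := make([]byte, binary.BigEndian.Uint16(hdr[3:])) // handshake message
	if _, err = io.ReadFull(srv, b); err != nil {
		return
	}
	defer func() { // out-of-range reads on a truncated hello land here
		if recover() != nil {
			err = fmt.Errorf("malformed ClientHello")
		}
	}()
	legacy = binary.BigEndian.Uint16(b[4:])      // follows msg type(1) + length(3)
	p := 39 + int(b[38])                         // skip header, version, random(32), legacy_session_id
	p += 2 + int(binary.BigEndian.Uint16(b[p:])) // cipher_suites
	p += 1 + int(b[p])                           // legacy_compression_methods
	ext := b[p+2:]                               // skip the total extensions length
	for len(ext) >= 4 {
		typ, n := binary.BigEndian.Uint16(ext), int(binary.BigEndian.Uint16(ext[2:]))
		if typ == 43 { // supported_versions: 1-byte list length, then 2-byte versions
			for v := ext[5 : 4+n]; len(v) >= 2; v = v[2:] {
				supported = append(supported, binary.BigEndian.Uint16(v))
			}
		}
		ext = ext[4+n:]
	}
	return
}

func main() {
	conf := &tls.Config{ServerName: "example.test", MinVersion: tls.VersionTLS13, MaxVersion: tls.VersionTLS13} // constructed name
	legacy, supported, err := clientHelloVersions(conf)
	fmt.Printf("legacy_version=0x%04x supported_versions=%04x err=%v\n", legacy, supported, err)
}
```

With MinVersion and MaxVersion both set to tls.VersionTLS13, legacy_version is still 0x0303 (the TLS 1.2 value) while supported_versions holds only 0x0304, so the version restriction is visible in the extension, not in the legacy field.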

huangapple
  • Posted on 2021-10-29 07:50:23
  • When reposting, please keep the link to this article: https://go.coder-hub.com/69762156.html