I am creating a TLS-encrypted HTTP server in Go using the standard library and have decreased the minimum supported TLS version in the tls.Config to TLS 1.0 (VersionTLS10), knowing that TLS 1.0 and 1.1 are already EOL. I want to make sure that, if a client which only supports TLS < 1.2 comes in, there is a chance for it to communicate with the server by manually decreasing the minimum TLS version.
I did not find anything in the godocs saying that TLS 1.0 and 1.1 should not work, but when I run the code in the example below with a self-signed certificate and key, I receive an error that the protocol is unsupported. Additionally, I have also tried setting the GODEBUG variable to tls10server=1, which also had no effect. I use Go version 1.23.4.
```go
package main

import (
	"crypto/tls"
	"log"
	"net/http"
)

func main() {
	server := http.Server{
		Addr: "0.0.0.0:8080",
		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			w.WriteHeader(http.StatusOK)
			w.Write([]byte("success"))
		}),
	}
	server.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS10}
	if err := server.ListenAndServeTLS("server.crt", "server.key"); err != nil {
		log.Fatalf("server crashed :: %s", err.Error())
	}
}
```
I have tried the TLS check against the server with the command below (same outcome for curl with the argument --tls-max 1.0):
```
openssl s_client -connect localhost:8080 -tls1_1
```
as well as:
```
openssl s_client -connect localhost:8080 -tls1
```
Both fail with the following error message:
```
CONNECTED(00000003)
409776618F7F0000:error:0A0000BF:SSL routines:tls_setup_handshake:no protocols available:../ssl/statem/statem_lib.c:104:
```
In the application's output I can see the following entry:
```
2025/01/10 16:17:21 http: TLS handshake error from 172.21.29.106:33582: remote error: tls: protocol version not supported
```
Does somebody have a hint as to what I am doing wrong, or whether these two TLS versions are completely unsupported by Go, even though I did not find anything related in the godocs?
Thank you very much for your help and valuable hints.
Best regards
Upvotes: 1
Views: 149
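One way to check the server side separately from the openssl or curl build used for testing, as an added example that is not part of the original post: a Go client pinned to a single TLS version connects to a local test server and reports what the handshake negotiated. It uses net/http/httptest with its built-in test certificate instead of server.crt/server.key, and the helper name `negotiate` is an assumption of this example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// negotiate (hypothetical helper) starts a local HTTPS test server whose
// tls.Config.MinVersion is serverMin, connects with a client pinned to exactly
// clientVer, and returns the protocol version the handshake settled on.
func negotiate(serverMin, clientVer uint16) (uint16, error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) {
			w.Write([]byte("success"))
		}))
	srv.TLS = &tls.Config{MinVersion: serverMin} // same setting as in the question
	srv.StartTLS()                               // httptest supplies a test certificate
	defer srv.Close()

	client := srv.Client() // already trusts the test certificate
	cfg := client.Transport.(*http.Transport).TLSClientConfig
	// The client must opt in as well: Go clients default to TLS 1.2 as a minimum.
	cfg.MinVersion, cfg.MaxVersion = clientVer, clientVer

	resp, err := client.Get(srv.URL)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.TLS.Version, nil
}

func main() {
	// Compare a server that explicitly allows TLS 1.0 with one that requires TLS 1.2.
	for _, min := range []uint16{tls.VersionTLS10, tls.VersionTLS12} {
		v, err := negotiate(min, tls.VersionTLS10)
		if err != nil {
			fmt.Printf("server min %s: handshake failed: %v\n", tls.VersionName(min), err)
			continue
		}
		fmt.Printf("server min %s: negotiated %s\n", tls.VersionName(min), tls.VersionName(v))
	}
}
```

If the TLS 1.0 handshake succeeds here but fails from openssl or curl, the difference lies in what the client build is willing to offer rather than in the server's tls.Config.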