I’m trying to debug a failing connection to a given host. I’ve recorded packet captures for successful requests made to this host via the browser, as well as unsuccessful requests made via my Go code below:
package main
import (
"crypto/tls"
"log"
)
func main() {
log.SetFlags(log.Lshortfile)
conf := &tls.Config{
//InsecureSkipVerify: true,
MinVersion: tls.VersionTLS13,
MaxVersion: tls.VersionTLS13,
}
conn, err := tls.Dial("tcp", "x.x.x.x:443", conf)
if err != nil {
log.Println(err)
return
}
defer conn.Close()
n, err := conn.Write([]byte("hello\n"))
if err != nil {
log.Println(n, err)
return
}
buf := make([]byte, 100)
n, err = conn.Read(buf)
if err != nil {
log.Println(n, err)
return
}
println(string(buf[:n]))
}
After inspecting the Client Hello packet in both the successful and unsuccessful requests, I’ve noticed that successful requests uses TLSv1.3 versus unsuccessful requests which use TLSv1.2.
My code above specifies that I only want to use TLSv1.3 in my request, but for whatever reason the request still attempts to use TLSv1.2. I’ve tried consulting various example http clients written in go, and have confirmed that I’m using the correct syntax. Any ideas what I’m doing wrong here?