Http/server: don't response if not TLS

Hi all,

I’m looking for a way to make TLS server not response if the caller didn’t use TLS.

for example when you try to enter it will not response.

you can test it with:

package main
import (

func main() {
        http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request){
        err := http.ListenAndServeTLS(":443", "cert.pem", "key.key", nil)
        if err != nil {

and go to browser an enter http:// localhost: 443


The code in the Go library doesn’t support this.
Why do you want to not at least return a 400 HTTP response?

Thank you for the replay.
It’s a fingerprint for a Go web server.

Other websites like google. com, cisco. com, apple. com will not response to http request using https port like

Some other services will redirect to https like

I would like to control this behavior in Go if I can.

Your observation is not quite correct. Compare these two:

❯ curl -v
* Rebuilt URL to:
*   Trying
* Connected to ( port 80 (#0)
> GET / HTTP/1.1
> Host:
> User-Agent: curl/7.43.0
> Accept: */*
< HTTP/1.1 302 Found
< Date: Thu, 06 May 2021 12:45:08 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 42
< Location:
< Via: 1.1 google
<a href="">Found</a>.

That’s what is expected: A HTTP request is redirected to a HTTPS request. But:

❯ curl -v
* Rebuilt URL to:
*   Trying
* Connected to ( port 443 (#0)
> GET / HTTP/1.1
> Host:
> User-Agent: curl/7.43.0
> Accept: */*
* Recv failure: Connection reset by peer
* Closing connection 0

A HTTP request for the HTTPS port 443 is rejected.

I think it is a matter of taste if you prefer this “Connection reset by peer” behaviour or the 400 Bad Request response that the Go standard library implements.

In any case, put a HTTP reverse proxy like NGINX in front of your Go code if you want to have more control over how HTTP requests are handled.

“I think it is a matter of taste” :+1:


This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.