Hello together,
I am creating a TLS-encrypted HTTP server and decreased the minimum supported TLS version in the tls.Config it uses (despite knowing that 1.0 and 1.1 are EOL).
I did not find anything in the godocs saying that this should not work, but when I run the code in the example below, providing a self-signed certificate and key, I receive an error that the protocol is unsupported. Additionally, I have also tried to set the GODEBUG variable to tls10server=1, which also had no effect.

package main

import (
	"crypto/tls"
	"log"
	"net/http"
)

func main() {
	server := http.Server{
		Addr: "0.0.0.0:8080",
		// Minimal handler: answer every request with 200 and a fixed body.
		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			w.WriteHeader(http.StatusOK)
			w.Write([]byte("success"))
		}),
	}
	// Lower the minimum accepted protocol version to TLS 1.0.
	server.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS10}
	// server.crt and server.key are the self-signed certificate and its key.
	if err := server.ListenAndServeTLS("server.crt", "server.key"); err != nil {
		log.Fatalf("server crashed :: %s", err.Error())
	}
}

I have tried the TLS check against the server with the command below (same outcome for curl with the argument --tls-max 1.0):
openssl s_client -connect localhost:8080 -tls1_1
as well as:
openssl s_client -connect localhost:8080 -tls1_0
Both fail with the following error message:
CONNECTED(00000003)
409776618F7F0000:error:0A0000BF:SSL routines:tls_setup_handshake:no protocols available:…/ssl/statem/statem_lib.c:104:
In the application's output I can see the following entry:
2025/01/10 16:17:21 http: TLS handshake error from 172.21.29.106:33582: remote error: tls: protocol version not supported
Does somebody have a hint as to what I am doing wrong, or whether these two TLS versions are completely unsupported by Go, even though I did not find anything related in the godocs?
Thank you very much for your help and hints.
Best regards,
Timo
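
One way to tell a server-side refusal from a client-side one is to drive the handshake from Go itself, so that no external client's protocol policy is involved. The following is an added example, not part of the original post: `probe` is a hypothetical helper, and it assumes httptest's built-in test certificate in place of server.crt and server.key.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// probe (hypothetical helper) starts an in-process HTTPS server with the given
// MinVersion and attempts one handshake pinned to exactly clientVersion.
// It returns the negotiated protocol version, or the handshake error.
func probe(serverMin, clientVersion uint16) (uint16, error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("success"))
	}))
	srv.TLS = &tls.Config{MinVersion: serverMin}
	srv.StartTLS() // assumption: httptest's built-in test certificate, not server.crt/server.key
	defer srv.Close()

	conn, err := tls.Dial("tcp", srv.Listener.Addr().String(), &tls.Config{
		MinVersion:         clientVersion,
		MaxVersion:         clientVersion,
		InsecureSkipVerify: true, // acceptable only for this throwaway test certificate
	})
	if err != nil {
		return 0, err
	}
	defer conn.Close()
	return conn.ConnectionState().Version, nil
}

func main() {
	versions := []uint16{tls.VersionTLS10, tls.VersionTLS11, tls.VersionTLS12, tls.VersionTLS13}
	for _, serverMin := range []uint16{tls.VersionTLS10, tls.VersionTLS12} {
		for _, v := range versions {
			got, err := probe(serverMin, v)
			if err != nil {
				fmt.Printf("server MinVersion %#04x, client %#04x: refused (%v)\n", serverMin, v, err)
				continue
			}
			fmt.Printf("server MinVersion %#04x, client %#04x: negotiated %#04x\n", serverMin, v, got)
		}
	}
}
```

The same matrix shows which legacy versions a given tls.Config actually accepts, which is the check to repeat after raising MinVersion again.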