]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a6e7445)
crypto/tls: add offered cipher suites to the handshake error
authorNicola Murino <nicola.murino@gmail.com>
Sun, 24 Nov 2024 14:28:34 +0000 (15:28 +0100)
committerGopher Robot <gobot@golang.org>
Mon, 7 Apr 2025 16:32:45 +0000 (09:32 -0700)
This change makes debugging easier if the server handshake fails because
the client only offers unsupported algorithms.

Change-Id: I7daac173a16af2e073aec3d9b59709560f540c6f
Reviewed-on: https://go-review.googlesource.com/c/go/+/631555
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>

src/crypto/tls/handshake_server.go patch | blob | history
src/crypto/tls/handshake_server_tls13.go patch | blob | history

diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index 68c14b8a5a9fc3fbb7db692bfc2fbb7ab7ec3b0a..507b69a0ed1471e6a201c72673010b3db8233103 100644 (file)
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -378,7 +378,8 @@ func (hs *serverHandshakeState) pickCipherSuite() error {
        hs.suite = selectCipherSuite(preferenceList, hs.clientHello.cipherSuites, hs.cipherSuiteOk)
        if hs.suite == nil {
                c.sendAlert(alertHandshakeFailure)
-               return errors.New("tls: no cipher suite supported by both client and server")
+               return fmt.Errorf("tls: no cipher suite supported by both client and server; client offered: %x",
+                       hs.clientHello.cipherSuites)
        }
        c.cipherSuite = hs.suite.id
 
diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
index 929d865dd403efc90819d482fa11a87839b03a7f..ab0cff9e28454ef283f4b55381806c98f5fb84df 100644 (file)
--- a/src/crypto/tls/handshake_server_tls13.go
+++ b/src/crypto/tls/handshake_server_tls13.go
@@ -16,6 +16,7 @@ import (
        "crypto/rsa"
        "crypto/tls/internal/fips140tls"
        "errors"
+       "fmt"
        "hash"
        "internal/byteorder"
        "io"
@@ -190,7 +191,8 @@ func (hs *serverHandshakeStateTLS13) processClientHello() error {
        }
        if hs.suite == nil {
                c.sendAlert(alertHandshakeFailure)
-               return errors.New("tls: no cipher suite supported by both client and server")
+               return fmt.Errorf("tls: no cipher suite supported by both client and server; client offered: %x",
+                       hs.clientHello.cipherSuites)
        }
        c.cipherSuite = hs.suite.id
        hs.hello.cipherSuite = hs.suite.id
Go GOST TLS 1.3