Have you encountered the following error while using Go's net/http package?

    Get "https://host-with-tls-problem.com": remote error: tls: handshake failure

Here is a solution that works for me.
- Install goTLSScan:
$ go install github.com/jbardin/gotlsscan@latest
- Run goTLSScan:
$ gotlsscan -host "host-with-tls-problem.com"
...
Testing TLS1.2
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [NOT SUPPORTED] EOF
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 [NOT SUPPORTED] EOF
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [NOT SUPPORTED] EOF
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [NOT SUPPORTED] EOF
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [NOT SUPPORTED] EOF
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 [NOT SUPPORTED] EOF
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [NOT SUPPORTED] EOF
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (DISABLED) [NOT SUPPORTED] EOF
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA [NOT SUPPORTED]
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA [NOT SUPPORTED]
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 [NOT SUPPORTED]
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [NOT SUPPORTED]
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA [NOT SUPPORTED]
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [NOT SUPPORTED]
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 [NOT SUPPORTED]
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [NOT SUPPORTED]
TLS_ECDHE_RSA_WITH_RC4_128_SHA (DISABLED) [NOT SUPPORTED]
TLS_RSA_WITH_3DES_EDE_CBC_SHA [OK]
TLS_RSA_WITH_AES_128_CBC_SHA [OK]
TLS_RSA_WITH_AES_128_CBC_SHA256 [OK]
TLS_RSA_WITH_AES_128_GCM_SHA256 [OK]
TLS_RSA_WITH_AES_256_CBC_SHA [OK]
TLS_RSA_WITH_AES_256_GCM_SHA384 [OK]
TLS_RSA_WITH_RC4_128_SHA (DISABLED) [OK]
...
- Restrict the client to the TLS version and the cipher suites that the scan marked [OK]:
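    package main

    import (
        "crypto/tls"
        "log"
        "net/http"
    )

    func main() {
        url := "https://host-with-tls-problem.com"
        client := &http.Client{
            Transport: &http.Transport{
                TLSClientConfig: &tls.Config{
                    // Only suites the scan reported as [OK]. All of them use
                    // RSA key exchange (no forward secrecy) and 3DES is a legacy
                    // 64-bit block cipher, so use this client for this host only.
                    CipherSuites: []uint16{
                        tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
                        tls.TLS_RSA_WITH_AES_128_CBC_SHA,
                        tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
                        tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
                        tls.TLS_RSA_WITH_AES_256_CBC_SHA,
                        tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
                    },
                    // The scan above was run against TLS 1.2, so pin that version.
                    MinVersion: tls.VersionTLS12,
                    MaxVersion: tls.VersionTLS12,
                },
            },
        }
        resp, err := client.Get(url)
        if err != nil {
            log.Fatal(err)
        }
        defer resp.Body.Close()
        log.Println(resp.Status)
    }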
That's it!
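
The scan-to-config step above, as an added example that is not part of the original post: it parses gotlsscan-style output and keeps only the [OK] suites, dropping RC4 and 3DES and falling back to CBC only when no AEAD (GCM or ChaCha20) suite is accepted. The helper names suitesFromScan and legacyConfig and the sample scan text are constructed for illustration; the suites it selects here still use RSA key exchange, so the connection has no forward secrecy.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// Constructed sample in the format of the gotlsscan output above.
const sampleScan = `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [NOT SUPPORTED]
TLS_RSA_WITH_3DES_EDE_CBC_SHA [OK]
TLS_RSA_WITH_AES_128_CBC_SHA [OK]
TLS_RSA_WITH_AES_128_GCM_SHA256 [OK]
TLS_RSA_WITH_AES_256_GCM_SHA384 [OK]
TLS_RSA_WITH_RC4_128_SHA (DISABLED) [OK]`

// suitesFromScan (hypothetical helper) returns IDs of the suites marked [OK].
func suitesFromScan(scan string) []uint16 {
	// Map suite names to IDs using the names crypto/tls itself reports.
	ids := map[string]uint16{}
	for _, s := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		ids[s.Name] = s.ID
	}
	var aead, cbc []uint16
	for _, line := range strings.Split(scan, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 || !strings.Contains(line, "[OK]") {
			continue
		}
		id, known := ids[f[0]]
		switch {
		case !known, strings.Contains(f[0], "RC4"), strings.Contains(f[0], "3DES"):
			// Skip unknown names and the broken RC4 / 3DES suites.
		case strings.Contains(f[0], "GCM"), strings.Contains(f[0], "CHACHA20"):
			aead = append(aead, id)
		default:
			cbc = append(cbc, id)
		}
	}
	if len(aead) > 0 {
		return aead // AEAD suites available: do not offer CBC at all
	}
	return cbc
}

func legacyConfig(scan string) *tls.Config {
	return &tls.Config{CipherSuites: suitesFromScan(scan), MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12}
}
func main() {
	fmt.Println(len(legacyConfig(sampleScan).CipherSuites), "suites selected")
}
```

Pass the returned config as TLSClientConfig on a Transport used only for the affected host, so the rest of the program keeps Go's default suites.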