使用Go / TLS发送电子邮件会导致“远程错误:握手失败”响应
[英]Sending email with Go/TLS results in “remote error: handshake failure” response
问题描述
我们正在使用Go smtp.SendMail()函数发送电子邮件。 如果我们禁用了使用TLS的功能,那么在向kaser.com发送电子邮件方面没有问题。 使用TLS,我们会收到以下错误: remote error: handshake failure 。
如果我运行openssl s_client -connect kaser.com:25 -starttls smtp , openssl s_client -connect kaser.com:25 -starttls smtp得到以下信息:
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = COMODO SSL Wildcard, CN = *.inmotionhosting.com
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=COMODO SSL Wildcard/CN=*.inmotionhosting.com
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgIQPO5olnzo7AmygRYMaAwxWjANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0xNDAyMjQwMDAwMDBaFw0xNzAyMjMyMzU5NTlaMGExITAfBgNVBAsTGERv
bWFpbiBDb250cm9sIFZhbGlkYXRlZDEcMBoGA1UECxMTQ09NT0RPIFNTTCBXaWxk
Y2FyZDEeMBwGA1UEAxQVKi5pbm1vdGlvbmhvc3RpbmcuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGodB+JkHpHHJHsJx+vYmSaUQOxqP9oS6YVk
OpoqKDygz6n5PgYm11KZzhSzdD+mY8YSGQOCmDry21irojJxxEsxt2+ATwJFC9V2
4FYfwKngMDoWy0n21gopeISgo7O8TIgAP+i/HxIFm0N3ROfs5nVvp8CvBhQSakRS
x5Zh+jB5Lo6Ajmko8Z8aRqq3WQvx3CCnJ0psb+efGVsVJ4kv8nHbsqJZqyHxw0Zv
3V58S3wWMO1RORDaG+1AyYCn6192zrpWwEeaQXaxNw9B6SZLTB37ixaQoQoze8wD
Nn7JAQ2x7SrCKIHO1tyRZqZvJion01g0E/MbCOh502H323KihwIDAQABo4IB5zCC
AeMwHwYDVR0jBBgwFoAUkK9qOpRaC9iQ6hJWc99DtDoo2ucwHQYDVR0OBBYEFHuv
zpQRevgYmNy3FzxVJSVSOi+OMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysG
AQQBsjEBAgIHMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5j
b20vQ1BTMAgGBmeBDAECATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLmNv
bW9kb2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVy
Q0EuY3JsMIGFBggrBgEFBQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQu
Y29tb2RvY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2
ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTA1
BgNVHREELjAsghUqLmlubW90aW9uaG9zdGluZy5jb22CE2lubW90aW9uaG9zdGlu
Zy5jb20wDQYJKoZIhvcNAQELBQADggEBAAGSDm2jXQFgodUt5YBajGv4fUm1kVeX
wHcWnOWrYkdnzg1cdUgqQZx5evQxg/CBuxz6SKEos8ao1udFpXHcyVOqhs7vo8Vy
QjItiVX4zevtRnpqXzJ2LjlFqd5N+/ENq2pYMihJl6SvHGB/ejG5C0+DHw4RyOtc
c9OeKCfr7d/JGFSqzLidabSVboenzGBJW1aG4r2uza7J3QyxPpCsnL4sg1w2gagE
NAnHrghU50lK0Ha2NiWn4+G6PFQRiXanmPdFqqUGbMn/ZN6rK8+LIOEJ7NL8L3ED
mMh1aMqza9RY4iN8MXgxQ7da9l2rGbHf24FbdFM/qV7+FBoStQm6it8=
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=COMODO SSL Wildcard/CN=*.inmotionhosting.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 4861 bytes and written 596 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-SHA
Session-ID: F532F400F99290364AECE777619E466E7C3C3086D23F77F694AEA7F86DB4A2A7
Session-ID-ctx:
Master-Key: BF3551E6A77A02A7AA8F0273B1478D7C17AF6404D176974F55CDC4287671FAC71C7E454224001BE15C57BE6254CE5094
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1455730440
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
250 HELP
quit
有什么想法为什么不喜欢Go的TLS吗?
1 个解决方案
解决方案1
2 已采纳 2016-02-17 18:31:32
如果您确定服务器仅接受不安全的密码套件并且无法更新,则go确实包含一些RC4密码,但已禁用。
smtp.SendMail便捷功能无法更改tls.Config ,但是很容易获得该函数的主体并手动使用smtp.Client 。
您可以使用tls.Config的CipherSuite创建tls.Config ,并将其传递给Client.StartTLS
config := &tls.Config{
ServerName: serverName,
CipherSuites: []uint16{tls.TLS_RSA_WITH_RC4_128_SHA},
}
// c is an smtp.Client
if err = c.StartTLS(config); err != nil {
return err
}
使用 Office 365 设置标准 Go 网络/smtp 失败并显示“错误 tls:第一条记录看起来不像 TLS 握手”
[英]Setting up standard Go net/smtp with Office 365 fails with “Error tls: first record does not look like a TLS handshake”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.