go-piv / piv-go

Keys and certificates for YubiKeys, written in Go
Apache License 2.0

Certificates TLS - error:1408F10B:SSL routines:ssl3_get_record:wrong version number #88

Closed tcastelly closed 3 years ago

tcastelly commented 3 years ago

Hello,

I'm trying to use an X.509 certificate to serve TLS traffic.

The certificate has been generated in the same way as key_test.go.

I defined the HTTP server like this:

mux := http.NewServeMux()

mux.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
    writer.WriteHeader(200)
    writer.Write([]byte("hello world"))
})

logger := log.New(os.Stdout, "http: ", log.LstdFlags)

s := &http.Server{
    Addr:     ":1443",
    ErrorLog: logger,
    TLSConfig: &tls.Config{
        Certificates: []tls.Certificate{
            {
                Certificate: [][]byte{cert.Raw},
                PrivateKey:  priv,
            },
        },
    },
    Handler: mux,
}

When I try to access https://localhost:1443, I get this error with the curl command:

➜  ~ curl -vvv https://localhost:1443/
*   Trying ::1:1443...
* Connected to localhost (::1) port 1443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

I've created a repository: https://github.com/shenron/try-piv-go


I have some difficulty understanding whether the problem comes from the combination with the private key, or if it's something else.

ericchiang commented 3 years ago

You're listening for HTTP requests, not HTTPS

https://golang.org/src/net/http/server.go?s=91632:91673#L2888

You probably want:

s.ListenAndServeTLS("", "")

Here are some slides for a talk I gave on using Go's TLS libraries: https://docs.google.com/presentation/d/16y-HTvL7ASzf9JspCBX0OVmhwUWVoLj9epzJfNMQRr8/preview?slide=id.p

Closing, since this doesn't appear to be a bug in piv-go.
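
The difference between the two listeners, as an added example that is not part of the original thread or of piv-go: `probe` and `must` are hypothetical helpers. `probe` starts the same `http.Server` either with `Serve` (the call behind `ListenAndServe`, plain HTTP) or with `ServeTLS` and empty file paths (the call behind `ListenAndServeTLS("", "")`), then attempts a verified TLS handshake against it. A software ECDSA key and a self-signed certificate, both constructed here, stand in for the YubiKey-backed key and its certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"time"
)

func must[T any](v T, err error) T { // hypothetical setup helper: abort on error
	if err != nil {
		panic(err)
	}
	return v
}

// probe reports whether a verified TLS handshake succeeds against the server.
func probe(useTLS bool) (bool, error) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // constructed stand-in for the card key
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key))
	srv := &http.Server{TLSConfig: &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}}
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	defer srv.Close()
	if useTLS {
		go srv.ServeTLS(ln, "", "") // empty paths: the certificate comes from TLSConfig
	} else {
		go srv.Serve(ln) // plain HTTP: TLSConfig is never consulted
	}
	pool := x509.NewCertPool()
	pool.AddCert(must(x509.ParseCertificate(der)))
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", ln.Addr().String(), &tls.Config{RootCAs: pool})
	if err != nil {
		return false, err
	}
	return conn.ConnectionState().HandshakeComplete, conn.Close()
}

func main() {
	fmt.Println(probe(false)) // plain listener: false plus a handshake error
	fmt.Println(probe(true))  // TLS listener: true <nil>
}
```

In the plain-HTTP case the client's ClientHello is answered with an HTTP error response rather than a TLS record, which is the condition curl reports as `wrong version number`.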

tcastelly commented 3 years ago

It works!

Your slides are very interesting. Thank you so much!