golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License

crypto/tls: Sending multiple messages via tcp4 connection encrypted by TLS1.3 doesn't work #43250

Open nixargh opened 3 years ago

nixargh commented 3 years ago

What version of Go are you using (go version)?

$ go version
go version go1.15.6 linux/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/user/.cache/go-build"
GOENV="/home/user/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/user/Documents/repos/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/user/Documents/repos/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build262060463=/tmp/go-build -gno-record-gcc-switches"

What did you do?

My code receives and sends text messages to Haproxy (I've tried 1.8 and 2.2) via a TCP connection. It works w/o encryption and with TLS1.2, but doesn't work with TLS1.3 except when I send only one message per connection. I understand that it may be a bug in Haproxy, but I haven't found one, and I also have another Haproxy and Java programs that do the same job w/o errors. Haproxy config sets minimum encryption level to TLS1.2.

A piece of code that sends multiple messages to a TLS connection: https://play.golang.org/p/x5RWpwrcvLh

Full code is here.

What did you expect to see?

I expect Haproxy to receive and process those messages.

What did you see instead?

Almost all (~95%) of the messages finished with a CD error, which means (from here):

     CD   The client unexpectedly aborted during data transfer. This can be
          caused by a browser crash, by an intermediate equipment between the
          client and haproxy which decided to actively break the connection,
          by network routing issues between the client and haproxy, or by a
          keep-alive session between the server and the client terminated first
          by the client.

Log message example:

     Dec 17 19:34:37 haproxy-secure haproxy[7240]: *.*.*.*:33308 [17/Dec/2020:19:34:37.674] test~ test/test 100/1/198 0 CD 2/2/1/0/0 0/0
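One way to measure how many sessions end in the CD termination state from log lines like the one quoted in the report above. This is an added example, not part of the original report and not HAProxy or Go project code. It assumes HAProxy's default TCP log layout; `parseTCPLog`, `clientAborts` and every sample line except the first are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Session holds the fields of one HAProxy TCP-format log line used for triage.
type Session struct{ Client, Frontend, Backend, Timers, BytesRead, State string }

// parseTCPLog parses the text after "haproxy[pid]: ". Assumed layout (default tcplog):
// client [accept_date] frontend backend/server Tw/Tc/Tt bytes_read state conns queues
func parseTCPLog(line string) (Session, error) {
	i := strings.Index(line, "]: ")
	if i < 0 {
		return Session{}, fmt.Errorf("no process prefix in %q", line)
	}
	f := strings.Fields(line[i+3:])
	if len(f) != 9 || len(f[6]) != 2 {
		return Session{}, fmt.Errorf("unexpected field layout in %q", line)
	}
	return Session{f[0], f[2], f[3], f[4], f[5], f[6]}, nil
}

// clientAborts returns the sessions that ended in state "CD" and the number of lines parsed.
func clientAborts(lines []string) (aborted []Session, parsed int) {
	for _, l := range lines {
		s, err := parseTCPLog(l)
		if err != nil {
			continue // not a TCP-format session line (e.g. a startup notice)
		}
		parsed++
		if s.State == "CD" {
			aborted = append(aborted, s)
		}
	}
	return aborted, parsed
}

// sampleLog: the first line is the one quoted in the report; the others are constructed.
var sampleLog = []string{
	`Dec 17 19:34:37 haproxy-secure haproxy[7240]: *.*.*.*:33308 [17/Dec/2020:19:34:37.674] test~ test/test 100/1/198 0 CD 2/2/1/0/0 0/0`,
	`Dec 17 19:34:38 haproxy-secure haproxy[7240]: 192.0.2.10:33310 [17/Dec/2020:19:34:38.102] test~ test/test 1/0/205 0 -- 1/1/0/0/0 0/0`,
	`Dec 17 19:34:39 haproxy-secure haproxy[7240]: Proxy test started.`,
}

func main() {
	aborted, parsed := clientAborts(sampleLog)
	fmt.Printf("%d of %d sessions ended in CD\n", len(aborted), parsed)
}
```

Running the same count over logs captured with the client pinned to TLS1.2 and then to TLS1.3 gives a per-version abort rate to attach to the report.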

networkimprov commented 3 years ago

cc @FiloSottile @ianlancetaylor

networkimprov commented 3 years ago

Possibly related to #41910?