I've posted a more detailed explanation of this to the net-dev mailing list: https://groups.google.com/a/chromium.org/forum/#!topic/net-dev/IsYHz3hNlNU
What we're seeing is clients making 2 back-to-back TCP connections to port 443 but only ever sending Client Hello (and continuing TLS handshake) to the first opened socket. The second socket is closed by the client after ~10 seconds without anything over the socket after the server acknowledging the SYN. It seems like this isn't a Golang issue but still seems like Go shouldn't be logging that the handshake failed when the handshake was never started. Should I file a bug to remove the log in that case? On Wednesday, May 3, 2017 at 9:45:00 AM UTC-4, James Hartig wrote: > > We're also seeing 100k of these errors per day per server. The majority of > the time its just a result of: > client SYN > server SYN-ACK > client FIN > server FIN-ACK > > or > > client SYN > server SYN-ACK > Retransmission > Retransmission > RST > ... > > The error if the version is unsupported is: > http: TLS handshake error from ip:port : tls: client offered an > unsupported, maximum protocol version of 300 > > Can we ignore this error if there was no handshake ever initiated? > > Thanks! > > On Sunday, January 1, 2017 at 1:10:54 PM UTC-5, paperboardinc wrote: >> >> No worries J at least your trying to help. I think the minimum must be >> TLS 1.0 because I know I didn’t set the tls server config value, however, I >> do know exactly where to set it. I asked this question in the Go repo on >> Github, a core golang developer told me to use the forums for asking >> questions, I suppose he knows the answer since he wasn’t really surprised >> about the behavior. We have about 2 million people using the site on a >> monthly basis, so it really floods our logs. @bratfpatrick please help! >> >> >> >> -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
