email - 使用 Go/TLS 发送电子邮件会产生 "remote error: handshake failure"响应

标签 email ssl go

我们正在使用 Go smtp.SendMail() 函数发送电子邮件。如果我们使用 TLS 禁用该功能,我们可以毫无问题地向 kaser.com 发送电子邮件。使用 TLS 时,我们会收到以下错误:remote error: handshake failure

如果我运行 openssl s_client -connect kaser.com:25 -starttls smtp,我会得到以下信息:

CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = COMODO SSL Wildcard, CN = *.inmotionhosting.com
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=COMODO SSL Wildcard/CN=*.inmotionhosting.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgIQPO5olnzo7AmygRYMaAwxWjANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0xNDAyMjQwMDAwMDBaFw0xNzAyMjMyMzU5NTlaMGExITAfBgNVBAsTGERv
bWFpbiBDb250cm9sIFZhbGlkYXRlZDEcMBoGA1UECxMTQ09NT0RPIFNTTCBXaWxk
Y2FyZDEeMBwGA1UEAxQVKi5pbm1vdGlvbmhvc3RpbmcuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGodB+JkHpHHJHsJx+vYmSaUQOxqP9oS6YVk
OpoqKDygz6n5PgYm11KZzhSzdD+mY8YSGQOCmDry21irojJxxEsxt2+ATwJFC9V2
4FYfwKngMDoWy0n21gopeISgo7O8TIgAP+i/HxIFm0N3ROfs5nVvp8CvBhQSakRS
x5Zh+jB5Lo6Ajmko8Z8aRqq3WQvx3CCnJ0psb+efGVsVJ4kv8nHbsqJZqyHxw0Zv
3V58S3wWMO1RORDaG+1AyYCn6192zrpWwEeaQXaxNw9B6SZLTB37ixaQoQoze8wD
Nn7JAQ2x7SrCKIHO1tyRZqZvJion01g0E/MbCOh502H323KihwIDAQABo4IB5zCC
AeMwHwYDVR0jBBgwFoAUkK9qOpRaC9iQ6hJWc99DtDoo2ucwHQYDVR0OBBYEFHuv
zpQRevgYmNy3FzxVJSVSOi+OMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysG
AQQBsjEBAgIHMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5j
b20vQ1BTMAgGBmeBDAECATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLmNv
bW9kb2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVy
Q0EuY3JsMIGFBggrBgEFBQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQu
Y29tb2RvY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2
ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTA1
BgNVHREELjAsghUqLmlubW90aW9uaG9zdGluZy5jb22CE2lubW90aW9uaG9zdGlu
Zy5jb20wDQYJKoZIhvcNAQELBQADggEBAAGSDm2jXQFgodUt5YBajGv4fUm1kVeX
wHcWnOWrYkdnzg1cdUgqQZx5evQxg/CBuxz6SKEos8ao1udFpXHcyVOqhs7vo8Vy
QjItiVX4zevtRnpqXzJ2LjlFqd5N+/ENq2pYMihJl6SvHGB/ejG5C0+DHw4RyOtc
c9OeKCfr7d/JGFSqzLidabSVboenzGBJW1aG4r2uza7J3QyxPpCsnL4sg1w2gagE
NAnHrghU50lK0Ha2NiWn4+G6PFQRiXanmPdFqqUGbMn/ZN6rK8+LIOEJ7NL8L3ED
mMh1aMqza9RY4iN8MXgxQ7da9l2rGbHf24FbdFM/qV7+FBoStQm6it8=
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=COMODO SSL Wildcard/CN=*.inmotionhosting.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 4861 bytes and written 596 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Session-ID: F532F400F99290364AECE777619E466E7C3C3086D23F77F694AEA7F86DB4A2A7
    Session-ID-ctx:
    Master-Key: BF3551E6A77A02A7AA8F0273B1478D7C17AF6404D176974F55CDC4287671FAC71C7E454224001BE15C57BE6254CE5094
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1455730440
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 HELP
quit

知道为什么它不喜欢 Go 的 TLS 吗?

最佳答案

如果您确定服务器只接受不安全的密码套件并且无法更新,go 确实包含一些 RC4 密码,但已禁用。

smtp.SendMail 便捷函数无法更改 tls.Config,但很容易获取该函数的主体并使用 smtp.Client 手动。

您可以使用所需的 CipherSuites 创建一个 tls.Config,并将其传递给 Client.StartTLS

config := &tls.Config{
    ServerName:   serverName,
    CipherSuites: []uint16{tls.TLS_RSA_WITH_RC4_128_SHA},
}

// c is an smtp.Client
if err = c.StartTLS(config); err != nil {
    return err
}

关于email - 使用 Go/TLS 发送电子邮件会产生 "remote error: handshake failure"响应,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35464211/

上一篇:go - 如何杀死阻塞go routine

下一篇:c - 在 cgo、golang 中使用 free 时获得双重释放或损坏(out)

相关文章:

regex - 将 http 重定向到 https(仅前端而不是管理面板)

ssl - Spring WS配置Wsdl11DestinationProvider错误

mongodb - 执行将我连接到mongodb数据库的函数时出现问题

go - 如何列出未与组织共享的 Google 云端硬盘文件

python 3.9.0 smtplib.SMTPNotSupportedError : STARTTLS extension not supported by server

ruby - 为什么会出现 Net::SMTPSyntaxError?

ios - 防止 iphone 电子邮件客户端缩放响应电子邮件

python - 在 App Engine/Python 中发送 HTML 电子邮件?

java - 创建 Web 服务客户端时,没有主题备用名称出现异常

go - 如何处理 'go test all' 中的预期+无关故障?

©2024 IT工具网  联系我们