Created
February 24, 2015 21:11
-
-
Save tiborvass/7a4ded9d39b7b2f7e116 to your computer and use it in GitHub Desktop.
Debug tls versions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"crypto/tls" | |
"crypto/x509" | |
"fmt" | |
"io/ioutil" | |
"log" | |
"net" | |
"os" | |
"time" | |
) | |
func main() { | |
var tlsConfig *tls.Config | |
addr := os.Args[1] | |
for tlsVersionStr, tlsVersion := range map[string]uint16{"sslv3": tls.VersionSSL30, "tls1": tls.VersionTLS10, "tls1.1": tls.VersionTLS11, "tls1.2": tls.VersionTLS12} { | |
fmt.Println("trying", tlsVersionStr) | |
if len(os.Args) > 2 { | |
caCertFile := os.Args[2] | |
caCert, err := ioutil.ReadFile(caCertFile) | |
if err != nil { | |
log.Fatal(err) | |
} | |
caCertPool := x509.NewCertPool() | |
caCertPool.AppendCertsFromPEM(caCert) | |
tlsConfig = &tls.Config{ | |
RootCAs: caCertPool, | |
MinVersion: tlsVersion, | |
MaxVersion: tlsVersion, | |
} | |
tlsConfig.BuildNameToCertificate() | |
} | |
dialer := &net.Dialer{Timeout: 2 * time.Second} | |
conn, err := tls.DialWithDialer(dialer, "tcp", addr, tlsConfig) | |
if err != nil { | |
log.Println(err) | |
continue | |
} | |
conn.Close() | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment