@tiborvass
Created February 24, 2015 21:11
Debug tls versions
package main
import (
"crypto/tls"
"crypto/x509"
"fmt"
"io/ioutil"
"log"
"net"
"os"
"time"
)
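// main probes which SSL/TLS protocol versions the server at os.Args[1]
// (host:port) will complete a handshake with. An optional second argument
// names a PEM file of CA certificates to trust instead of the system roots.
//
// Each probe pins MinVersion and MaxVersion to a single protocol version, so
// a successful handshake means the server accepted exactly that version.
// Certificate verification stays enabled, so a logged failure may be a trust
// or hostname error rather than a version rejection; read the error text
// before concluding that a version is disabled on the server.
func main() {
	if len(os.Args) < 2 {
		log.Fatal("usage: <program> host:port [ca-cert.pem]")
	}
	addr := os.Args[1]

	// Load the optional CA bundle once, before probing, and fail loudly if it
	// holds no usable certificate: an empty pool would make every handshake
	// fail verification and look like a version problem.
	var rootCAs *x509.CertPool
	if len(os.Args) > 2 {
		caCertFile := os.Args[2]
		caCert, err := ioutil.ReadFile(caCertFile)
		if err != nil {
			log.Fatal(err)
		}
		rootCAs = x509.NewCertPool()
		if !rootCAs.AppendCertsFromPEM(caCert) {
			log.Fatalf("no PEM certificates could be parsed from %q", caCertFile)
		}
	}

	// A slice keeps the probe order stable from run to run; ranging over a map
	// would visit the versions in random order.
	// Recent Go releases no longer implement SSLv3, so on those toolchains the
	// "sslv3" probe fails locally and says nothing about the server. TLS 1.3 is
	// not probed by this tool.
	versions := []struct {
		name string
		id   uint16
	}{
		{"sslv3", tls.VersionSSL30},
		{"tls1", tls.VersionTLS10},
		{"tls1.1", tls.VersionTLS11},
		{"tls1.2", tls.VersionTLS12},
	}

	dialer := &net.Dialer{Timeout: 2 * time.Second}
	for _, v := range versions {
		fmt.Println("trying", v.name)

		// Always build a pinned config. Passing a nil config when no CA file
		// is given would let the library pick its default version range, so
		// every iteration would test the same thing.
		tlsConfig := &tls.Config{
			RootCAs:    rootCAs, // nil means "use the system roots"
			MinVersion: v.id,
			MaxVersion: v.id,
		}

		conn, err := tls.DialWithDialer(dialer, "tcp", addr, tlsConfig)
		if err != nil {
			log.Println(err)
			continue
		}
		fmt.Println("ok", v.name)
		// Nothing is sent after the handshake, so a close error carries no
		// information for this probe.
		_ = conn.Close()
	}
}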