Golang - TLS handshake error

7
votes

I am running a https web server in go. I am testing it using a angular web app (Chrome browser) that makes ajax calls to the web server.

If I keep hitting the web server continuously everything seems working. But whenever I leave it idle for sometime and hit the web server the ajax call from browser doesn't get a response. Almost always I see this log line in my server log.

2016/01/16 04:06:47.006977 http: TLS handshake error from 42.21.139.47:51463: EOF

I can confirm that the IP address is my IP address.

I am starting my https server like this:

r := mux.NewRouter()
r.HandleFunc("/status", handleStatus)
setUpLoginEndpoint(&cfg.Session, r)
setUpLogoutEndpoint(cfg.Session.CookieName, r)
setUpChangePasswordEndpoint(cfg.Session.CookieName, r)
setUpMetricSinkEndpoint(cfg.Metric.SinkApiKey, r)
setUpMetricQueryEndpoint(cfg.Session.CookieName, r)
http.ListenAndServeTLS(":443", "../cert.pem", "../keys.pem", &Server{r})

I can confirm that I am closing the request body in every handler using defer r.Body.Close().

I am using go 1.5.2.

Any help would be appreciated.

Regards,

Sathya

2
gohttps
I would guess that there is a network appliance between you and the server which drops the idle connection, but you would need a network capture (possible on both sides) to be sure. Regardless, network failures are something you need to account for, so you should be able to work around it.JimB
It might be helpful to see more surrounding context of how you standup your Server — the fact that the log notes that the incoming connection was via port :51463 would suggest that somewhere in your code, the stdlib HTTP library is choosing a random port for serving traffic (other than 443).Jeff Sisson
@JeffSisson, that is the remote port. It makes no sense for the http package to be serving from a random port.JimB

2 Answers

10
votes

I enabled tcp keepalive and this problem got solved. I was running my VM in google compute engine and probably the firewall terminated idle connections.

TCP Keep alive

Configuring tcp keep alive in linux

Golang http server automatically picked this up, so no change was required in my golang code.

Regards,

Sathya

0
votes

I was receiving the same error as OP, but in my case the TLSHandshakeTimeout value I was specifying was too low. I'm not sure what an appropriate value is but moving it to 700ms from 100ms eliminated the error for me. For others experiencing the same error and who are specifying non-default http.Transport config values in their http.Client setup, you might want to make sure your TLSHandshakeTimeout is set to a high enough value.

&http.Client{
  Transport: &http.Transport{
    TLSHandshakeTimeout:   700 * time.Millisecond, //<-- I was receiving OP's error when I had this set to 100ms
  }
}