From 5b2edd4705ee28c32cba5fb7f488f1b22bdbb48f Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sat, 10 May 2025 23:33:34 -0400 Subject: [PATCH] crypto/tls: add offered cipher suites to the handshake error This change makes debugging easier if the server handshake fails because the client only offers unsupported algorithms. Change-Id: I7daac173a16af2e073aec3d9b59709560f540c6f Reviewed-on: https://go-review.googlesource.com/c/go/+/631555 Reviewed-by: Dmitri Shuralyov LUCI-TryBot-Result: Go LUCI Reviewed-by: Filippo Valsorda Reviewed-by: Roland Shoemaker Auto-Submit: Nicola Murino --- handshake_server.go | 3 ++- handshake_server_tls13.go | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/handshake_server.go b/handshake_server.go index fd26c4f..03d0553 100644 --- a/handshake_server.go +++ b/handshake_server.go @@ -374,7 +374,8 @@ func (hs *serverHandshakeState) pickCipherSuite() error { hs.suite = selectCipherSuite(preferenceList, hs.clientHello.cipherSuites, hs.cipherSuiteOk) if hs.suite == nil { c.sendAlert(alertHandshakeFailure) - return errors.New("tls: no cipher suite supported by both client and server") + return fmt.Errorf("tls: no cipher suite supported by both client and server; client offered: %x", + hs.clientHello.cipherSuites) } c.cipherSuite = hs.suite.id diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go index 119c699..2242e5c 100644 --- a/handshake_server_tls13.go +++ b/handshake_server_tls13.go @@ -18,6 +18,7 @@ import ( "crypto/x509" "encoding/binary" "errors" + "fmt" "hash" "io" "math/big" @@ -243,7 +244,8 @@ func (hs *serverHandshakeStateTLS13) processClientHello() error { } if hs.suite == nil { c.sendAlert(alertHandshakeFailure) - return errors.New("tls: no cipher suite supported by both client and server") + return fmt.Errorf("tls: no cipher suite supported by both client and server; client offered: %x", + hs.clientHello.cipherSuites) } c.cipherSuite = hs.suite.id hs.hello.cipherSuite = hs.suite.id