crypto/tls: add offered cipher suites to the handshake error

This change makes debugging easier if the server handshake fails because the client only offers unsupported algorithms. Change-Id: I7daac173a16af2e073aec3d9b59709560f540c6f Reviewed-on: https://go-review.googlesource.com/c/go/+/631555 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
2025-08-22 22:48:36 +00:00 · 2025-05-10 23:33:34 -04:00 · 2025-05-10 23:33:34 -04:00 · 5b2edd4705
commit 5b2edd4705
parent 5052e9a93c
2 changed files with 5 additions and 2 deletions
--- a/handshake_server.go
+++ b/handshake_server.go
@ -374,7 +374,8 @@ func (hs *serverHandshakeState) pickCipherSuite() error {
 	hs.suite = selectCipherSuite(preferenceList, hs.clientHello.cipherSuites, hs.cipherSuiteOk)
 	if hs.suite == nil {
 		c.sendAlert(alertHandshakeFailure)
-		return errors.New("tls: no cipher suite supported by both client and server")
+		return fmt.Errorf("tls: no cipher suite supported by both client and server; client offered: %x",
 			hs.clientHello.cipherSuites)
 	}
 	c.cipherSuite = hs.suite.id
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@ -18,6 +18,7 @@ import (
 	"crypto/x509"
 	"encoding/binary"
 	"errors"
 	"fmt"
 	"hash"
 	"io"
 	"math/big"
@ -243,7 +244,8 @@ func (hs *serverHandshakeStateTLS13) processClientHello() error {
 	}
 	if hs.suite == nil {
 		c.sendAlert(alertHandshakeFailure)
-		return errors.New("tls: no cipher suite supported by both client and server")
+		return fmt.Errorf("tls: no cipher suite supported by both client and server; client offered: %x",
 			hs.clientHello.cipherSuites)
 	}
 	c.cipherSuite = hs.suite.id
 	hs.hello.cipherSuite = hs.suite.id