Encountering thousands of TLS handshake errors.

Using a Go HTTPS server with a Cloudflare origin certificate, I've never encountered any connection issues. However, when I review the request logs for my server, I notice several thousand failed TLS handshake errors which look like this:

[Info] 01:50:09 server.go:3212: http: TLS handshake error from 162.158.255.138:29083: EOF

Of course, the Cloudflare IP can vary. If anyone knows what could cause this issue, I would be very grateful to hear any solutions to this problem.
4 Replies
IdleOP•12mo ago
As a side note, the usual network traffic for my domain lies within 600 requests per day, not 3000+ 🤔
vale•12mo ago
https://github.com/golang/go/issues/61721 Might be related to the ciphers in use?
GitHub
net/http: EOF during TLS handshake · Issue #61721 · golang/go
The reported EOF error, happens when tls.ClientAuth is set to tls.VerifyClientCertIfGiven - if no certificate is provided or request comes from any browser it throws this error, and it should not g...
IdleOP•12mo ago
I haven't specified any ciphers. Now I've specified any ECDH ciphers since the origin certificate uses an elliptic key, but I still run into the same EOF TLS handshake error.

previous:

	var s = &http.Server{
		Addr:    ":443",
		Handler: &middleware.Handler{},
		TLSConfig: &tls.Config{
			MinVersion:         tls.VersionTLS13,
			InsecureSkipVerify: false,
		},
		ErrorLog: log.Default(),
	}

current:

	var Ciphers = []uint16{
		tls.TLS_AES_256_GCM_SHA384,
		tls.TLS_AES_128_GCM_SHA256,
		tls.TLS_CHACHA20_POLY1305_SHA256,

		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
	}

	var s = &http.Server{
		Addr:    ":443",
		Handler: &middleware.Handler{},
		TLSConfig: &tls.Config{
			MinVersion:         tls.VersionTLS13,
			InsecureSkipVerify: false,
			ClientAuth:         tls.NoClientCert,
			CipherSuites:       Ciphers,
		},
		ErrorLog: log.Default(),
	}
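
Added example, not part of any post in this thread: a small Go triage helper that groups the `http: TLS handshake error from <addr>: <err>` lines net/http writes to `Server.ErrorLog` by source IP and error text, so thousands of EOF entries can be compared against the roughly 600 real requests per day. The name `TopSources` and the sample lines are assumptions; the samples are constructed, and only the first follows the line quoted above.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"sort"
)

// Message net/http writes to Server.ErrorLog when a handshake fails.
var handshakeRe = regexp.MustCompile(`http: TLS handshake error from (\S+): (.*)$`)

// TopSources returns "count ip | error" rows, most frequent first.
func TopSources(lines []string) []string {
	counts := map[string]int{}
	for _, line := range lines {
		m := handshakeRe.FindStringSubmatch(line)
		if m == nil {
			continue // not a handshake error line
		}
		host, _, err := net.SplitHostPort(m[1])
		if err != nil {
			host = m[1] // address logged without a port
		}
		counts[host+" | "+m[2]]++
	}
	keys := make([]string, 0, len(counts))
	for k := range counts {
		keys = append(keys, k)
	}
	sort.Slice(keys, func(i, j int) bool {
		a, b := keys[i], keys[j]
		return counts[a] > counts[b] || (counts[a] == counts[b] && a < b)
	})
	for i, k := range keys {
		keys[i] = fmt.Sprintf("%d %s", counts[k], k)
	}
	return keys
}

var sampleLines = []string{ // constructed input; the first line is the one quoted in the thread
	"[Info] 01:50:09 server.go:3212: http: TLS handshake error from 162.158.255.138:29083: EOF",
	"[Info] 01:50:11 server.go:3212: http: TLS handshake error from 162.158.255.138:40112: EOF",
	"[Info] 01:50:12 server.go:3212: http: TLS handshake error from 192.0.2.7:51844: tls: client offered only unsupported versions: [302 301]",
	"[Info] 01:50:13 server.go:3212: http: TLS handshake error from [2001:db8::1]:443: EOF",
	"[Info] 01:50:14 app.go:10: request served",
}

func main() { fmt.Printf("%q\n", TopSources(sampleLines)) }
```

An `EOF` row means the peer closed the connection before the handshake completed, so the grouping shows whether those closes come from a few addresses or many, and whether other error texts are mixed in.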
