tls doesn't get enabled #42
Comments
Hi. I implemented the TLS option for speedtest-go at #39.
Why is the new version not released? Was the last released version last year?
Ahh, yes - that may be the cause. I only used the release version, which I deployed on some Linux hosts. I see that you have released a new version some days ago - I will check that out.
v1.1.5 released 15 days ago, just before @masx200 asked about it.
Description
Although tls is enabled in the settings and the required cert/key files are also present in the app directory, tls doesn't get enabled. It seems like the options for enabling tls are ignored, since removing the cert/key files will also not raise any errors, although speedtest-go should try to open them.
Server
Server is a simple CentOS 7 VM, nothing special about it.
Client
Tried several clients, like Safari and FF on macOS.
Steps to reproduce
Expected behaviour
HTTPS/TLS working using the provided cert/key files
settings.toml
```toml
# bind address, use empty string to bind to all interfaces
bind_address=""
# backend listen port
listen_port=80
# proxy protocol port, use 0 to disable
proxyprotocol_port=0
# Server location
server_lat=-10.1
server_lng=53
# ipinfo.io API key, if applicable
ipinfo_api_key=""

# assets directory path, defaults to `assets` in the same directory
assets_path=".assets"

# password for logging into statistics page
statistics_password="dontgimmethat"
# redact IP addresses
redact_ip_addresses=false

# database type for statistics data, currently supports: none, memory, bolt, mysql, postgresql
# if none is specified, no telemetry/stats will be recorded, and no result PNG will be generated
database_type="bolt"
database_hostname=""
database_name=""
database_username=""
database_password=""

# if you use `bolt` as database, set database_file to database file location
database_file="speedtest.db"

# TLS and HTTP/2 settings. TLS is required for HTTP/2
enable_tls=true
enable_http2=true

# if you use HTTP/2 or TLS, you need to prepare certificates and private keys
tls_cert_file="cert.pem"
tls_key_file="privkey.pem"
```
When trying to connect to port 80 using openssl, this is the result:
```
openssl s_client -connect arpguard-sensor-jvmn.jvm.de:80 -crlf
CONNECTED(00000005)
8628868780:error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number:/AppleInternal/Library/BuildRoots/b6051351-c030-11ec-96e9-3e7866fcf3a1/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/ssl/ssl_pkt.c:386:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 5 bytes and written 0 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Start Time: 1653206557
Timeout : 7200 (sec)
Verify return code: 0 (ok)
```
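The same check as the `openssl s_client` run above, as an added Go example (not part of the original issue and not speedtest-go's own code): it attempts a TLS handshake and reports whether the listener answered with TLS or with plaintext HTTP, the usual cause of the `wrong version number` error after a 5-byte read. The helper name `ProbeTLS` and its result strings are assumptions made for this example.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"os"
	"time"
)

// ProbeTLS (hypothetical helper) dials addr and attempts a TLS handshake.
// Result: "tls", "plaintext-http" (peer answered "HTTP/..." instead of a
// TLS record), "not-tls" (some other non-TLS reply), or "error".
func ProbeTLS(addr string, timeout time.Duration) (string, error) {
	conn, err := net.DialTimeout("tcp", addr, timeout)
	if err != nil {
		return "error", err
	}
	defer conn.Close()
	_ = conn.SetDeadline(time.Now().Add(timeout))

	// Certificate verification is skipped on purpose: the probe only asks
	// whether the port speaks TLS, not whether its certificate is trusted.
	c := tls.Client(conn, &tls.Config{InsecureSkipVerify: true})
	err = c.Handshake()
	if err == nil {
		return "tls", nil
	}
	// crypto/tls reports a first record that is not TLS as RecordHeaderError
	// and keeps the 5 header bytes it read.
	var rh tls.RecordHeaderError
	if errors.As(err, &rh) {
		if string(rh.RecordHeader[:]) == "HTTP/" {
			return "plaintext-http", nil
		}
		return "not-tls", nil
	}
	return "error", err
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: probe host:port")
		os.Exit(2)
	}
	kind, err := ProbeTLS(os.Args[1], 5*time.Second)
	fmt.Println(kind, err)
}
```

Run against a deployment with `enable_tls=true`, a result of `plaintext-http` means the TLS setting did not take effect on that port.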