Hello,
I'm a newbie to Golang and need help with the issue below:
We are using a third-party product (OpenBao, a Go app) and we are
encountering a TLS handshake timeout when executing the OpenBao CLI against a
TLS-based OpenBao server.
OpenBao by default loads system CAs (unless told to skip loading system
CAs):

    // loadSystemCAs loads the system's CA certificates into a pool.
    func loadSystemCAs() (*x509.CertPool, error) {
        pool, err := x509.SystemCertPool()
        if err != nil {
            return nil, fmt.Errorf("Error loading system CA certificates: %w", err)
        }
        return pool, nil
    }

There's a TLS handshake timeout of 10 sec in OpenBao.
On some of the Windows machines, we run into this TLS handshake timeout
(these machines don't have access to the internet):
[image: Image]
The bao CLI did not send out Change Cipher Spec, and after 10 secs the client drops out.
[image: Image]
On some other Windows machines (they have access to the internet), the bao CLI had
no problem sending out Change Cipher Spec, and within 10 secs the TLS handshake
was done.
As a POC, I modified OpenBao to not load system CAs, executed it on the
problematic Windows box, and the TLS handshake was successful.
The question is: why did OpenBao's loading of system CAs take so long
on the problematic Windows machine? Could access to the internet be a factor?
Additionally, on the same machine:
- OpenSSL/Curl was able to connect successfully to the OpenBao server
Appreciate any guidance. If there are any debugging or printouts I can add,
please let me know.
Thanks.
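
For the debugging printouts asked about above, an added example (not part of the original post and not OpenBao code) that times `x509.SystemCertPool()` and the TLS handshake separately, once against an explicit pool and once against the system roots. The names `timePoolLoad`, `timeHandshake`, `localServer` and `handshakeLimit` are made up here, and the local `httptest` server is a constructed stand-in for the real server.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
	"net/http/httptest"
	"time"
)

// handshakeLimit mirrors the 10 s TLS handshake timeout mentioned in the post.
const handshakeLimit = 10 * time.Second

// timePoolLoad measures x509.SystemCertPool() on its own.
func timePoolLoad() (time.Duration, error) {
	start := time.Now()
	_, err := x509.SystemCertPool()
	return time.Since(start), err
}

// timeHandshake times only the TLS handshake; nil roots means system roots.
func timeHandshake(addr string, roots *x509.CertPool) (time.Duration, error) {
	host, _, _ := net.SplitHostPort(addr)
	raw, err := net.DialTimeout("tcp", addr, handshakeLimit)
	if err != nil {
		return 0, fmt.Errorf("tcp connect: %w", err)
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(handshakeLimit))
	start := time.Now()
	err = tls.Client(raw, &tls.Config{RootCAs: roots, ServerName: host}).Handshake()
	return time.Since(start), err
}

// localServer starts a throwaway TLS server (constructed test target).
func localServer() (string, *x509.CertPool, func()) {
	srv := httptest.NewTLSServer(nil)
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate()) // trust only this server's certificate
	return srv.Listener.Addr().String(), pool, srv.Close
}

func main() {
	addr, pool, stop := localServer() // point addr at the real server to diagnose
	defer stop()
	fmt.Println(timePoolLoad())
	fmt.Println(timeHandshake(addr, pool)) // explicit roots
	fmt.Println(timeHandshake(addr, nil))  // system roots
}
```

Run on both a working and a problematic machine with `addr` set to the real server, the three durations show which phase uses up the 10 sec.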