librespeed/speedtest-go

tls doesn't get enabled

Closed this issue · 4 comments

Description

Although tls is enabled in the settings and the required cert/key files are also present in the app directory, tls doesn't get enabled. It seems like the options for enabling tls are ignored, since removing the cert/key files will also not raise any errors, although speedtest-go should try to open them.

Server

Server is a simple CentOS 7 VM, nothing special about it.

Client

Tried several clients, like Safari and FF on macOS.

Steps to reproduce

  • Download the latest build for AMD64
  • Set up the app and configure it
  • Plain HTTP works, HTTPS gives an error. openssl also reports no TLS negotiation

Expected behaviour

HTTPS/TLS working using the provided cert/key files

settings.toml

```toml
# bind address, use empty string to bind to all interfaces
bind_address=""
# backend listen port
listen_port=80
# proxy protocol port, use 0 to disable
proxyprotocol_port=0
# Server location
server_lat=-10.1
server_lng=53
# ipinfo.io API key, if applicable
ipinfo_api_key=""

# assets directory path, defaults to assets in the same directory
assets_path=".assets"

# password for logging into statistics page
statistics_password="dontgimmethat"
# redact IP addresses
redact_ip_addresses=false

# database type for statistics data, currently supports: none, memory, bolt, mysql, postgresql
# if none is specified, no telemetry/stats will be recorded, and no result PNG will be generated
database_type="bolt"
database_hostname=""
database_name=""
database_username=""
database_password=""

# if you use bolt as database, set database_file to database file location
database_file="speedtest.db"

# TLS and HTTP/2 settings. TLS is required for HTTP/2
enable_tls=true
enable_http2=true

# if you use HTTP/2 or TLS, you need to prepare certificates and private keys
tls_cert_file="cert.pem"
tls_key_file="privkey.pem"
```

When trying to connect to port 80 using openssl, this is the result:

```
openssl s_client -connect arpguard-sensor-jvmn.jvm.de:80 -crlf
CONNECTED(00000005)
8628868780:error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number:/AppleInternal/Library/BuildRoots/b6051351-c030-11ec-96e9-3e7866fcf3a1/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/ssl/ssl_pkt.c:386:

no peer certificate available

No client certificate CA names sent

SSL handshake has read 5 bytes and written 0 bytes

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Start Time: 1653206557
Timeout : 7200 (sec)
Verify return code: 0 (ok)
```

Hi. I implemented the TLS option for speedtest-go at #39.
Can you tell me a little more about your execution environment?
Note that the TLS option has not yet been applied to the released version; if you want to use the TLS feature, you need to build manually from the latest master branch source code.

Why is the new version not released? Was the last released version last year?

> Hi. I implemented the TLS option for speedtest-go at #39. Can you tell me a little more about your execution environment? Note that the TLS option has not yet been applied to the released version; if you want to use the TLS feature, you need to build manually from the latest master branch source code.

Ahh, yes - that may be the cause. I only used the release version, which I deployed on some Linux hosts. I see that you have released a new version some days ago - I will check that out.

v1.1.5 released 15 days ago, just before @masx200 asked about it.
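
The `wrong version number` result in the report, with only 5 bytes read, is what a TLS client sees when the listener answers its ClientHello in plaintext. As an added example (not code from speedtest-go or from anyone in this thread), the Go probe below makes the same check programmatically after a deployment; `ProbeTLS` and `Result` are hypothetical names, and certificate validation is skipped because only the protocol on the port is being tested.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"os"
	"time"
)

// Result describes what answered on the probed port.
type Result struct {
	Kind   string // "tls", "plain-http" or "unknown"
	Detail string // negotiated ALPN for TLS, otherwise an explanation
}

// ProbeTLS sends a TLS ClientHello to addr and classifies the reply.
// Certificate validation is skipped on purpose: the probe only asks
// "is TLS spoken here?", sends no application data, and this config
// must not be reused for a real client.
func ProbeTLS(addr string, timeout time.Duration) Result {
	cfg := &tls.Config{InsecureSkipVerify: true, NextProtos: []string{"h2", "http/1.1"}}
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: timeout}, "tcp", addr, cfg)
	if err == nil {
		defer conn.Close()
		return Result{"tls", "ALPN=" + conn.ConnectionState().NegotiatedProtocol}
	}
	// A plain HTTP server answers the ClientHello with "HTTP/1.1 400 ...".
	// crypto/tls reports the first 5 bytes it read as a bad record header,
	// the same condition openssl prints as "wrong version number".
	var rhe tls.RecordHeaderError
	if errors.As(err, &rhe) && string(rhe.RecordHeader[:]) == "HTTP/" {
		return Result{"plain-http", "listener replied with HTTP, TLS is not enabled"}
	}
	return Result{"unknown", err.Error()}
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: probe host:port")
		os.Exit(2)
	}
	r := ProbeTLS(os.Args[1], 5*time.Second)
	fmt.Printf("%s: %s (%s)\n", os.Args[1], r.Kind, r.Detail)
}
```

A `plain-http` result on a port where `enable_tls=true` is configured means the running binary is not applying the TLS settings.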