If we get a TLS handshake error, recommend using the default suite

Frank Denis 2018-04-10 11:26:31 +02:00
parent 6d2330eaf0
commit 19db1a1560
1 changed files with 4 additions and 0 deletions


@ -270,6 +270,9 @@ func (serversInfo *ServersInfo) fetchDoHServerInfo(proxy *Proxy, name string, st
if _, _, err := proxy.xTransport.DoHQuery(useGet, url, body, proxy.timeout); err != nil { if _, _, err := proxy.xTransport.DoHQuery(useGet, url, body, proxy.timeout); err != nil {
useGet = true useGet = true
if _, _, err := proxy.xTransport.DoHQuery(useGet, url, body, proxy.timeout); err != nil { if _, _, err := proxy.xTransport.DoHQuery(useGet, url, body, proxy.timeout); err != nil {
if proxy.xTransport.tlsCipherSuite != nil && strings.Contains(err.Error(), "handshake failure") {
dlog.Warnf("TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file")
}
return ServerInfo{}, err return ServerInfo{}, err
} }
dlog.Debugf("Server [%s] doesn't appear to support POST; falling back to GET requests", name) dlog.Debugf("Server [%s] doesn't appear to support POST; falling back to GET requests", name)
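Review bot: The new warning does not say which server failed, so with several DoH resolvers configured the operator cannot tell which one rejected the pinned suites; the neighbouring Debugf already carries `name`, and the warning could too: `dlog.Warnf("[%s] TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file", name)`. The condition also depends on the substring "handshake failure" in `err.Error()`, which ties the hint to the exact wording of the TLS library's error text, and it only inspects the error from the GET retry because the inner `err` shadows the POST one. A handshake failure alert can have causes other than the cipher list, so a short comment such as `// heuristic: a handshake failure with a custom suite list usually means no common cipher` would tell readers that this is a hint rather than a diagnosis. fetchDoHServerInfo starts and ends outside this hunk.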
@ -282,6 +285,7 @@ func (serversInfo *ServersInfo) fetchDoHServerInfo(proxy *Proxy, name string, st
if tls == nil || !tls.HandshakeComplete { if tls == nil || !tls.HandshakeComplete {
return ServerInfo{}, errors.New("TLS handshake failed") return ServerInfo{}, errors.New("TLS handshake failed")
} }
dlog.Infof("[%s] TLS version: %x - Protocol: %v - Cipher suite: %v", name, tls.Version, tls.NegotiatedProtocol, tls.CipherSuite)
showCerts := len(os.Getenv("SHOW_CERTS")) > 0 showCerts := len(os.Getenv("SHOW_CERTS")) > 0
found := false found := false
var wantedHash [32]byte var wantedHash [32]byte
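Review bot: The added Infof prints `tls.Version` with a bare `%x`, so TLS 1.2 shows up as `303` with nothing marking it as hexadecimal, while the cipher suite on the same line is printed in decimal with `%v`. Someone checking that a server negotiated the expected parameters has to know which radix each field uses. An explicit prefix on the version would remove the ambiguity: `dlog.Infof("[%s] TLS version: 0x%04x - Protocol: %v - Cipher suite: %v", name, tls.Version, tls.NegotiatedProtocol, tls.CipherSuite)`. The cipher suite is presumably left in decimal so it can be compared with the tls_cipher_suite configuration values; if so, a one-line comment saying that would help. The surrounding function body lies outside the hunk.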