crypto/tls: SMTP connection timeout in Go Version 1.23

[littlerest1]

Go version

go version go1.23.2 darwin/arm64

Output of go env in your module/workspace:

GO111MODULE=''
GOARCH='arm64'
GOBIN=''
GOCACHE='/Users/yanz1/Library/Caches/go-build'
GOENV='/Users/yanz1/Library/Application Support/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='arm64'
GOHOSTOS='darwin'
GOINSECURE=''
GOMODCACHE='/Users/yanz1/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='darwin'
GOPATH='/Users/yanz1/go'
GOPRIVATE=''
GOPROXY=''
GOROOT='/opt/homebrew/Cellar/go@1.22/1.23.2/libexec'
GOSUMDB='off'
GOTMPDIR=''
GOTOOLCHAIN='local'
GOTOOLDIR='/opt/homebrew/Cellar/go@1.23/1.23.2/libexec/pkg/tool/darwin_arm64'
GOVCS=''
GOVERSION='go1.23.2'
GCCGO='gccgo'
AR='ar'
CC='cc'
CXX='c++'
CGO_ENABLED='1'
GOMOD='/dev/null'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -arch arm64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -ffile-prefix-map=/var/folders/s4/j38_716j1q1dmb564z0ynfq00000gq/T/go-build782530738=/tmp/go-build -gno-record-gcc-switches -fno-common'

What did you do?

Was using library crypto/tls and net for smtp dialing and communication
the code is working fine in MacOs arm64 system. However the binary file built by command env GOOS=linux GOARCH=amd64 go build -o and run in AWS Linux EC2 instance will receive read tcp: timeout issue. This issue is resolved by downgrading the Go version to 1.22.

package main

import (
	"crypto/tls"
	"io"
	"fmt"
	"log"
	"net"
	"strings"
	"time"
)

func main() {
	smtpHost := "PRIVATE HOST"
	smtpPort := "587"

	tlsConfig := &tls.Config{
		ServerName: smtpHost,
	}

	dialer := &net.Dialer{
		Timeout: 10 * time.Second,
	}
	conn, err := dialer.Dial("tcp", smtpHost+":"+smtpPort)

	if err != nil {
		log.Fatal("failed to create tlsDialer:", "error", err)
	}

	fmt.Fprintf(conn, "STARTTLS\r\n")
	buf := make([]byte, 0, 4096) // big buffer
	tmp := make([]byte, 256)     // using small tmo buffer for demonstrating
	for {
		n, err := conn.Read(tmp)
		log.Println(string(tmp))
		if err != nil {
			if err != io.EOF {
				log.Fatal("read error:", err)
			}
			break
		}
		if strings.Contains(string(tmp), "Go ahead with TLS") {
			client := tls.Client(conn, tlsConfig)
			fmt.Fprintf(client, "AUTH LOGIN\r\n") // Time out happens here. Tried to send`HLEO` also received timeout issue
			log.Println("Start TLS connection and request AUTH")
		}

		///log.Println("got", string(tmp))
		buf = append(buf, tmp[:n]...)
	}
	log.Println("total size:", len(buf))

}

What did you see happen?

{
    "time": "2025-01-07T09:16:34.914889396Z",
    "level": "WARN",
    "msg": "error while sending email",
    "error": "read tcp 10.33.124.75:46246->10.248.46.8:587: read: connection timed out"
}

What did you expect to see?

AUTH LOGIN command successfully send after STARTTLS command and receive the request for username and password for further authentication

[gabyhelp]

Related Issues

• net/smtp: SendMail blocked at smtp.Client.StartTLS #67867 (closed)
• dev.boringcrypto: Unable to connect to a server using the `tls.TLS_RSA_WITH_AES_256_CBC_SHA` CipherSuite #44050
• crypto/tls: TLS handshake timeout #44267 (closed)
• crypto/tls: TLS handshake swallows errors #14539 (closed)
• x/crypto/ssh: Why does the timeout parameter only work on tcp establishment? #50046 (closed)
• net/smtp: NewClient should initialize tls based on the incoming connection type #22166 (closed)
• crypto/tls: Dial error message does not give much context #34197
• crypto/tls: remote error: tls: handshake failure #46270 (closed)
• x/crypto/ssh: Dial function with ClientConfig Timeout got stuck #46536 (closed)

Related Discussions

• TLS Handshake fail

_{(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)}

[ianlancetaylor]

CC @golang/security

[seankhliao]

maybe the same as #70232