Golang TLS handshake error - "first record does not look like a TLS handshake"?

Question

Client-side code

tlsconf := &tls.Config{InsecureSkipVerify: true}
creds := credentials.NewTLS(tlsconf)
opts = append(opts, grpc.WithTransportCredentials(creds))
conn, err := grpc.Dial(endpoint, opts...)
// handle error and other cases

The server registers the service properly. The code for that is given below.

if err := s.registerServices(); err != nil {
        err = errors.Wrap(err, "unable to register services")
        return err
    }

Here s is my s *Server (a pointer to my struct).

type Server struct {
    s        *grpc.Server
    conf     *config
    listener net.Listener
}

But when I try to serve the request using s.Serve(), it gives me this tls handshake error:

transport: authentication handshake failed: tls: first record does not look like a TLS handshake

Answer 1

Your creds seems weird. I saw this error when I tried sending secured data on an unsecured connection.

Looking at the documentation - you're misusing the config:

    // InsecureSkipVerify controls whether a client verifies the server's
    // certificate chain and host name. If InsecureSkipVerify is true, crypto/tls
    // accepts any certificate presented by the server and any host name in that
    // certificate. In this mode, TLS is susceptible to machine-in-the-middle
    // attacks unless custom verification is used. This should be used only for
    // testing or in combination with VerifyConnection or VerifyPeerCertificate.

Try using instead this DialOption:

grpc.WithInsecure()

So to be precise:

address := ...
conn, err := grpc.Dial(address, grpc.WithInsecure())