  1. Core Server
  2. SERVER-51364

Ubuntu 18.04 Server with OCSP and TLS fails to work


Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 4.9.0, 4.4.6
    • Security
    • None
    • Fully Compatible
    • ALL
    • v4.4
    • Security 2020-12-14, Security 2021-01-11

    Description

      It appears that OpenSSL on Ubuntu 18.04 has a bug in it. When servers running this version of OpenSSL try to speak with a Go client, using TLS 1.3 and OCSP stapling, connection establishment will fail. The only documented fixes in the ticket are: 1. Upgrade OpenSSL; or 2. Disable TLS 1.3; or 3. Disable OCSP stapling.

      The first option isn't super available to us; Canonical would have to do the upgrade, and there would still be older copies of their OS floating around without the fix. For us to unbreak the Go clients, we'd need to either disable TLS 1.3 or OCSP stapling by default on that platform.

            People

              shreyas.kalyan@mongodb.com Shreyas Kalyan