  1. Core Server
  2. SERVER-51364

Ubuntu 18.04 Server with OCSP and TLS fails to work

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.9.0, 4.4.6
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Requested:
      v4.4
    • Sprint:
      Security 2020-12-14, Security 2021-01-11
      Description

      It appears that OpenSSL on Ubuntu 18.04 has a bug in it. When servers running this version of OpenSSL try to speak with a Go client using TLS 1.3 and OCSP Stapling, the connection establishment will fail. The only documented fixes in the ticket are: 1. Upgrade OpenSSL; or 2. Disable TLS 1.3; or 3. Disable OCSP stapling.

      The first option isn't super available to us; Canonical would have to do the upgrade, and there would still be older copies of their OS floating around without the fix. For us to unbreak the Go clients, we'd need to either disable TLS 1.3 or OCSP Stapling by default on that platform.
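To see from the Go client's side which combination a connection actually ends up with (TLS 1.3 with a staple, or one of the two workarounds), the following added example, which is not part of the original ticket or of the server's code, reports the negotiated protocol version and whether an OCSP staple arrived. Assumptions: `probe` is a hypothetical helper, and the loopback Go server, its certificate and the staple bytes are constructed stand-ins, so this demonstrates the check and does not reproduce the OpenSSL behaviour on Ubuntu 18.04.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"time"
)

// probe (hypothetical helper) handshakes, capped at maxVersion, with a throwaway
// loopback server that staples the given bytes (nil = stapling off; crypto/tls
// passes them through unparsed). Returns the negotiated version and staple presence.
func probe(maxVersion uint16, staple []byte) (uint16, bool, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return 0, false, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return 0, false, err
	}
	roots := x509.NewCertPool()
	if leaf, err := x509.ParseCertificate(der); err == nil {
		roots.AddCert(leaf) // trust only this constructed certificate
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, OCSPStaple: staple}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return 0, false, err
	}
	defer ln.Close()
	go func() { // server side: complete one handshake, then hang up
		if c, err := ln.Accept(); err == nil {
			c.(*tls.Conn).Handshake()
			c.Close()
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(),
		&tls.Config{RootCAs: roots, ServerName: "localhost", MaxVersion: maxVersion})
	if err != nil {
		return 0, false, err // a failed handshake is reported here
	}
	defer conn.Close()
	st := conn.ConnectionState()
	return st.Version, len(st.OCSPResponse) > 0, nil
}
```

Call `probe` from a test or your own `main`, for example with `tls.VersionTLS12` to model the "disable TLS 1.3" workaround or with a nil staple to model stapling turned off.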

              People

              Assignee:
              shreyas.kalyan Shreyas Kalyan
              Reporter:
              shreyas.kalyan Shreyas Kalyan