Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-56848

RHEL 8.0 Server with OCSP and TLS fails to work

    • Type: Icon: Bug Bug
    • Resolution: Won't Fix
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Security
    • Labels:
    • ALL
    • Security 2021-05-31

      When trying to switch the Go driver to run OCSP stapling tests against RHEL 8.0 instead of Ubuntu 18.04, we found similar issues to SERVER-51364.

      It looks like OpenSSL on RHEL 8.0 might also have a bug in it. When servers running using this version of OpenSSL try to speak with a Go client with OCSP Stapling, the connection establishment will fail with "tls: unexpected message".

      This problem is very similar to the one in Ubuntu 18.04, so they may be related. Note that OCSP stapling seems to work just fine on RHEL 7.0, so the Go driver will test our OCSP functionality against that for now. Here are failures with stapling with RHEL 8.0 and the Go driver, and here are the same tests succeeding on RHEL 7.0.

            shreyas.kalyan@mongodb.com Shreyas Kalyan
            benji.rewis@mongodb.com Benji Rewis (Inactive)
            0 Vote for this issue
            4 Start watching this issue