[SERVER-56848] RHEL 8.0 Server with OCSP and TLS fails to work Created: 11/May/21  Updated: 19/May/21  Resolved: 19/May/21

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Benji Rewis (Inactive) Assignee: Shreyas Kalyan
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-51364 Ubuntu 18.04 Server with OCSP and TLS... Closed
Operating System: ALL
Sprint: Security 2021-05-31
Participants:

 Description   

When trying to switch the Go driver to run OCSP stapling tests against RHEL 8.0 instead of Ubuntu 18.04, we found similar issues to SERVER-51364.

It looks like OpenSSL on RHEL 8.0 might also have a bug in it. When servers running using this version of OpenSSL try to speak with a Go client with OCSP Stapling, the connection establishment will fail with "tls: unexpected message".

This problem is very similar to the one in Ubuntu 18.04, so they may be related. Note that OCSP stapling seems to work just fine on RHEL 7.0, so the Go driver will test our OCSP functionality against that for now. Here are failures with stapling with RHEL 8.0 and the Go driver, and here are the same tests succeeding on RHEL 7.0.



 Comments   
Comment by Shreyas Kalyan [ 19/May/21 ]

This issue is the same as the issue in SERVER-51364. However, unlike the solution implemented for Ubuntu 18.04, RHEL has backported the fix to their latest point release, RHEL 8.3. Closing this as won't fix.

Generated at Thu Feb 08 05:40:21 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.