It appears that OpenSSL on Ubuntu 18.04 has a bug in it. When servers running using this version of OpenSSL try to speak with a Go client, using TLS 1.3, and with OCSP Stapling, the connection establishment will fail. The only documented fixes in the ticket are: 1. Upgrade OpenSSL; or 2. Disable TLS 1.3; or 3: Disable OCSP stapling.
The first option isn't super available to us, Canonical would have to do the upgrade, and there would still be older copies of their OS floating around without the fix. For us to unbreak the Go clients, we'd need to either disable TLS 1.3 or OCSP Stapling by default on that platform.
- is related to
-
PYTHON-3042 Migrate OCSP testing to Ubuntu 20.04
-
- Closed
-
- related to
-
SERVER-56848 RHEL 8.0 Server with OCSP and TLS fails to work
-
- Closed
-
-
GODRIVER-1961 Run OCSP Evergreen tasks on RHEL 7.0
-
- Closed
-