Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-51364

Ubuntu 18.04 Server with OCSP and TLS fails to work

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.9.0, 4.4.6
    • Affects Version/s: None
    • Component/s: Security
    • None
    • Fully Compatible
    • ALL
    • v4.4
    • Security 2020-12-14, Security 2021-01-11

      It appears that OpenSSL on Ubuntu 18.04 has a bug in it. When servers running using this version of OpenSSL try to speak with a Go client, using TLS 1.3, and with OCSP Stapling, the connection establishment will fail. The only documented fixes in the ticket are: 1. Upgrade OpenSSL; or 2. Disable TLS 1.3; or 3: Disable OCSP stapling.

      The first option isn't super available to us, Canonical would have to do the upgrade, and there would still be older copies of their OS floating around without the fix. For us to unbreak the Go clients, we'd need to either disable TLS 1.3 or OCSP Stapling by default on that platform.

            Assignee:
            shreyas.kalyan@mongodb.com Shreyas Kalyan
            Reporter:
            shreyas.kalyan@mongodb.com Shreyas Kalyan
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: