Nasty bug in OpenSSL 1.1.1 < d that can affect syncthing

This is just an advisory, so that people are aware (and there’s something to point them to).

There was a bug in OpenSSL (serverside code) which can cause TLS handshake failures with Go clients. The following setup is affected by this bug:

  • OpenSSL 1.1.1 branch older than 1.1.1d (e.g 1.1.1c/b/a)
  • TLS v1.3 enabled in the OpenSSL server
  • OCSP stapling enabled in OpenSSL
  • The server requests a client certificate

In the above configuration, any Go client using TLS 1.3 (e.g Go 1.13 and higher) immediatly fails the TLS handshake. A succesfull connection cannot be established.

Typical setups that run in the above requirements are nginx or apache reverse proxys serving a syncthing discovery server.

A user reported that nginx logs the bug like this:

peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking, client:, server:

Fixing this requires to either turn of OCSP stapling or updating OpenSSL to 1.1.1d (or newer). I know that Debian ships a patched version (they ship 1.1.1d in stable), but I don’t know the status of other distributions.

More information about the bug on GitHub: Original bug, discussion in Go’s issue tracker about the same thing and my duplicate of the same bug.

1 Like