Nasty bug in OpenSSL 1.1.1 < d that can affect syncthing

This is just an advisory, so that people are aware (and there’s something to point them to).

There was a bug in OpenSSL (server-side code) which can cause TLS handshake failures with Go clients. The following setup is affected by this bug:

  • OpenSSL 1.1.1 branch older than 1.1.1d (e.g. 1.1.1c/b/a)
  • TLS v1.3 enabled in the OpenSSL server
  • OCSP stapling enabled in OpenSSL
  • The server requests a client certificate

In the above configuration, any Go client using TLS 1.3 (e.g. Go 1.13 and higher) immediately fails the TLS handshake. A successful connection cannot be established.

Typical setups that match the above conditions are nginx or Apache reverse proxies serving a syncthing discovery server.

A user reported that nginx logs the bug like this:

peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking, client: 1.2.3.4, server: 0.0.0.0:443

Fixing this requires either turning off OCSP stapling or updating OpenSSL to 1.1.1d (or newer). I know that Debian ships a patched version (they ship 1.1.1d in stable), but I don’t know the status of other distributions.

More information about the bug on GitHub: the original bug, the discussion in Go’s issue tracker about the same thing, and my duplicate of the same bug.
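As an added example (not from the original post or the syncthing project), a small POSIX shell check that tests the output of `openssl version` and an nginx server block against the four conditions listed above, so an operator can screen a reverse proxy before syncthing clients start failing. It assumes the standard nginx directive names (`ssl_protocols`, `ssl_stapling`, `ssl_verify_client`); the sample config blocks are constructed, and the version check is only a first screen because a distribution may backport the fix without bumping the version letter.

```shell
#!/bin/sh
# Added example: screen an nginx + OpenSSL setup for the TLS 1.3 / OCSP stapling /
# client-certificate combination that breaks Go 1.13+ (syncthing) clients.

# Returns 0 if $1 (output of `openssl version`) is in the 1.1.1 branch and older
# than 1.1.1d. Caveat: distributions may backport the fix without changing the letter.
openssl_affected() {
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$ver" in
        1.1.1|1.1.1a|1.1.1b|1.1.1c) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 if the nginx config text in $1 enables TLS 1.3, turns OCSP stapling on
# and requests a client certificate (on, optional or optional_no_ca).
nginx_config_affected() {
    cfg=$(printf '%s\n' "$1" | sed 's/#.*//')   # drop comments before matching
    printf '%s\n' "$cfg" | grep -Eq 'ssl_protocols[^;]*TLSv1\.3' || return 1
    printf '%s\n' "$cfg" | grep -Eq 'ssl_stapling[[:space:]]+on[[:space:]]*;' || return 1
    printf '%s\n' "$cfg" | grep -Eq \
        'ssl_verify_client[[:space:]]+(on|optional|optional_no_ca)[[:space:]]*;' || return 1
    return 0
}

# Returns 0 when both the library version and the config match: Go TLS 1.3
# clients will then fail the handshake against this server.
setup_affected() {
    openssl_affected "$1" && nginx_config_affected "$2"
}

# Constructed sample: a discovery-server proxy that requests the client cert.
AFFECTED_CFG='server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_stapling on;
    ssl_verify_client optional;   # discovery server needs the device certificate
    location / { proxy_pass http://127.0.0.1:8443; }
}'
# Same block with the workaround from the post applied (stapling turned off).
FIXED_CFG=$(printf '%s\n' "$AFFECTED_CFG" | sed 's/ssl_stapling on;/ssl_stapling off;/')

if setup_affected "OpenSSL 1.1.1c  28 May 2019" "$AFFECTED_CFG"; then
    echo "affected: disable ssl_stapling or upgrade OpenSSL to 1.1.1d or newer"
fi
if ! setup_affected "OpenSSL 1.1.1c  28 May 2019" "$FIXED_CFG"; then
    echo "workaround config: not affected"
fi
```

On a live server, feed it `"$(openssl version)"` and `"$(cat /etc/nginx/sites-enabled/<site>)"` instead of the constructed blocks.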
