SSL issues since BoringSSL release v20.1.0 with LetsEncrypt SSL certificate.

[mattoz0]

Just letting you know we have been troubleshooting an SSL issue over here: https://github.com/soketi/soketi/issues/449 I have found that i can resolve these issues by dropping back to the version just before BoringSSL was implemented. I'll try to give as much information to help troubleshoot the issue.

Essentially i have some SSL certificates generated from LetsEncrypt that i use that are mounted to a Docker container. The location of these certificates are injected into the docker container and used when creating a new uWS instance.

Roughly how the ssl certificates are injected to uWS. If you need more detail look here https://github.com/soketi/soketi/blob/master/src/server.ts

let server = uWS.SSLApp({
                        key_file_name: process.env.SSL_KEY,
                        cert_file_name: process.env.SSL_CERT,
                    });

docker-compose.yml

echo:
    container_name: echo
    image: 'quay.io/soketi/soketi:latest-16-alpine'
    environment:
      SSL_CERT: /etc/nginx/ssl/fullchain.pem
      SSL_KEY: /etc/nginx/ssl/privkey.pem
    ports:
      - '6001:6001'
    volumes:
      - ./docker/nginx/ssl/fullchain.pem:/etc/nginx/ssl/fullchain.pem:rw,delegated
      - ./docker/nginx/ssl/privkey.pem:/etc/nginx/ssl/privkey.pem:rw,delegated

Let me know if you need more details, i guess the primary details i believe are important are:

• The certificates are LetsEncrypt
• OpenSSL was working (everything before v20.1.0), so issue would be with BoringSSL implementation

Less important details:

• in docker container
• alpine image
• volume mounts (could be something weird like permissions or latency).
• node version v16.14.2

[ghost]

Alpine is definitely not supported and it shouldn't even run there