Does this issue reproduce with the latest release?
What operating system and processor architecture are you using (go env)?
What did you do?
I generated an ECDSA private key with OpenSSL 1.1.1g using req -newkey. It asked for a password and encrypted the key. However, it didn't add headers like "Proc-Type" and "DEK-Info". If I decrypt the key using OpenSSL, it is usable for Go TLS, but Go itself cannot decrypt it.
Normally a private key is written using standard format: this is PKCS#8 form with the appropriate encryption algorithm (if any). If the -traditional option is specified then the older "traditional" format is used instead.
So my key is encrypted using PBES2. It seems to be the default for openssl pkey, openssl req and maybe some other sub-commands.
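An added example, not part of the report and not Go's own code: a helper that tells the two formats described above apart, by checking for the traditional "DEK-Info" header first and otherwise reading the scheme OID from the PKCS#8 body. The function names and sample data are constructed for illustration.

```go
package main

import (
	"encoding/asn1"
	"encoding/pem"
	"fmt"
)

// id-PBES2 (RFC 8018), the scheme the report says OpenSSL used.
var oidPBES2 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 13}

// Outer layout of a PKCS#8 EncryptedPrivateKeyInfo (RFC 5958).
type encryptedPrivateKeyInfo struct {
	Algorithm struct {
		OID        asn1.ObjectIdentifier
		Parameters asn1.RawValue `asn1:"optional"`
	}
	EncryptedData []byte
}

// ClassifyKeyPEM reports how the first PEM block in data is protected.
func ClassifyKeyPEM(data []byte) string {
	block, _ := pem.Decode(data)
	if block == nil {
		return "not PEM"
	}
	// Traditional format announces encryption in the PEM headers.
	if dek, ok := block.Headers["DEK-Info"]; ok {
		return "traditional encrypted (" + dek + ")"
	}
	if block.Type != "ENCRYPTED PRIVATE KEY" {
		return "unencrypted (" + block.Type + ")"
	}
	// PKCS#8 has no headers; the scheme is an OID inside the DER body.
	var info encryptedPrivateKeyInfo
	if rest, err := asn1.Unmarshal(block.Bytes, &info); err != nil || len(rest) != 0 {
		return "PKCS#8 encrypted (malformed)"
	}
	if info.Algorithm.OID.Equal(oidPBES2) {
		return "PKCS#8 encrypted (PBES2)"
	}
	return "PKCS#8 encrypted (OID " + info.Algorithm.OID.String() + ")"
}

// samplePBES2 builds a constructed block: PBES2 OID, dummy bytes, no real key.
func samplePBES2() []byte {
	info := encryptedPrivateKeyInfo{EncryptedData: []byte("dummy ciphertext")}
	info.Algorithm.OID = oidPBES2
	der, _ := asn1.Marshal(info)
	return pem.EncodeToMemory(&pem.Block{Type: "ENCRYPTED PRIVATE KEY", Bytes: der})
}
func main() { fmt.Println(ClassifyKeyPEM(samplePBES2())) }
```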