Bug 450265 - SSL negotiation failed: SSL alert received: bad record MAC
SSL negotiation failed: SSL alert received: bad record MAC
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: openssl (Show other bugs)
9
All Linux
low Severity urgent
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-06-06 05:42 EDT by Piergiorgio Sartor
Modified: 2010-03-23 17:13 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-06-10 07:13:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Piergiorgio Sartor 2008-06-06 05:42:25 EDT
Description of problem:
I'm hitting the problem, as specified in:

http://subversion.tigris.org/faq.html

Q: When performing Subversion operations involving a lot of data over SSL, I get
the error SSL negotiation failed: SSL error: decryption failed or bad record mac.

A: This can occur due to a problem with OpenSSL 0.9.8. Downgrading to an older
version (or possibly upgrading to a newer version) is known to fix this issue.


Any chance to get an upgrade/downgrade/patch?

Version-Release number of selected component (if applicable):
0.9.8g-9.i686

How reproducible:
Quite systematically, but not always.

Steps to Reproduce:
1.
Checkout from subversion server.
  
Actual results:
The error occurs

Expected results:
The checkout should work

Additional info:
This is a bit critical, so any suggestions on workarounds will be very appreciated.
Thanks!
Comment 1 Tomas Mraz 2008-06-06 06:01:59 EDT
I do not think this is the same problem as mentioned in the FAQ. I think that
the OpenSSL versions affected by the problem were some older versions from the
0.9.8 branch.
This error might be caused by a buggy network hardware which is mangling the
packets between the client and server.
Comment 2 Piergiorgio Sartor 2008-06-06 07:53:17 EDT
(In reply to comment #1)
> I do not think this is the same problem as mentioned in the FAQ. I think that
> the OpenSSL versions affected by the problem were some older versions from the
> 0.9.8 branch.
> This error might be caused by a buggy network hardware which is mangling the
> packets between the client and server.

We have 3 other (identical) F8 machines which do not show the problem.
They have, BTW, openssl 0.9.8b-17.

Of course, it could be a coincidence, but only the F9 one seems to be affected.

Any idea or suggestion on how could we determine if it is a HW or SW problem?
"ifconfig" does not show any error/drop/overrun, but I do not know if this is a
sufficient verification.

Needless to say, this is a showstopper for the F8->F9 transition.

Thanks,

pg
Comment 3 Tomas Mraz 2008-06-06 08:56:19 EDT
The only way how to find out is to downgrade the F9 machine to openssl-0.9.8b +
svn linked to the old version. Or to upgrade some other F8 machine to F9
temporarily to test whether it will start exhibit the buggy behavior or not.
Comment 4 Piergiorgio Sartor 2008-06-06 10:49:52 EDT
OK, some notes.
First the (correct) error I receive on "svn co https://myssvnserve/myrepo" is:

svn: PROPFIND request failed on 'myrepo'
svn: PROPFIND of 'myrepo': SSL negotiation failed: SSL alert received: Bad
record MAC (https://myserver)

I change the summary accordingly.

Second, I tried to just replace /lib/openssl.so.XXX with the F8 one and,
consequently, libcrypto.so.XXX, with no success, i.e. same problem.

Third, this happens on "svn co" on a new repository, another old one accepts
happily "svn up".

Any ideas?

Thanks,

pg
Comment 5 Tomas Mraz 2008-06-06 11:13:15 EDT
It still seems like something is mangling packets on the way.
Comment 6 Piergiorgio Sartor 2008-06-10 07:13:20 EDT
It seems it was a server openssl issue, clashing with the F9 openssl.
Fixing the server sent the problem away.
I close the bug.

Thanks again!

pg
Comment 7 Vikram Nayak 2010-03-23 17:13:48 EDT
Yea, this does appear to be a hardware issue. I switch from using my wireless adapter to a wired LAN and this seemed to have resolved the issue.

Note You need to log in before you can comment on or make changes to this bug.