Red Hat Bugzilla – Bug 450265
SSL negotiation failed: SSL alert received: bad record MAC
Last modified: 2010-03-23 17:13:48 EDT
Description of problem:
I'm hitting the problem, as specified in:
Q: When performing Subversion operations involving a lot of data over SSL, I get
the error SSL negotiation failed: SSL error: decryption failed or bad record mac.
A: This can occur due to a problem with OpenSSL 0.9.8. Downgrading to an older
version (or possibly upgrading to a newer version) is known to fix this issue.
Any chance to get an upgrade/downgrade/patch?
Version-Release number of selected component (if applicable):
Quite systematically, but not always.
Steps to Reproduce:
Checkout from subversion server.
The error occurs
The checkout should work
This is a bit critical, so any suggestions on workarounds will be very much appreciated.
I do not think this is the same problem as mentioned in the FAQ. I think that
the OpenSSL versions affected by the problem were some older versions from the
0.9.8 branch.
This error might be caused by buggy network hardware which is mangling the
packets between the client and server.
(In reply to comment #1)
> I do not think this is the same problem as mentioned in the FAQ. I think that
> the OpenSSL versions affected by the problem were some older versions from the
> 0.9.8 branch.
> This error might be caused by buggy network hardware which is mangling the
> packets between the client and server.
We have 3 other (identical) F8 machines which do not show the problem.
They have, BTW, openssl 0.9.8b-17.
Of course, it could be a coincidence, but only the F9 one seems to be affected.
Any idea or suggestion on how we could determine if it is a HW or SW problem?
"ifconfig" does not show any error/drop/overrun, but I do not know if this is a
Needless to say, this is a showstopper for the F8->F9 transition.
The only way to find out is to downgrade the F9 machine to openssl-0.9.8b +
svn linked to the old version. Or to upgrade some other F8 machine to F9
temporarily to test whether it will start to exhibit the buggy behavior or not.
OK, some notes.
First the (correct) error I receive on "svn co https://myssvnserve/myrepo" is:
svn: PROPFIND request failed on 'myrepo'
svn: PROPFIND of 'myrepo': SSL negotiation failed: SSL alert received: Bad
record MAC (https://myserver)
I change the summary accordingly.
Second, I tried to just replace /lib/openssl.so.XXX with the F8 one and,
consequently, libcrypto.so.XXX, with no success, i.e. same problem.
Third, this happens on "svn co" on a new repository; another old one happily
accepts "svn up".
It still seems like something is mangling packets on the way.
It seems it was a server openssl issue, clashing with the F9 openssl.
Fixing the server sent the problem away.
I close the bug.
Yea, this does appear to be a hardware issue. I switched from using my wireless adapter to a wired LAN and this seemed to have resolved the issue.