[Bug 1704585] Re: I'm getting error: SSL3_GET_RECORD:decryption failed or bad record mac
als
1704585 at bugs.launchpad.net
Sat Jul 15 19:10:42 UTC 2017
** Description changed:
- I have my own server (where I'm running Apache/2.4.27), and today I
- realized that from (Brave and Google Chrome - different computers) I'm
- getting from my websites this error;
+ Adter so many tries to solve this issue we were unable to find a
+ solution. So from that point we assumed that it can be a possible bug.
- This site can’t provide a secure connection
+ It was tested on Apache/2.4.27
- mywebsite.com sent an invalid response.
- ERR_SSL_PROTOCOL_ERROR
+ lsb_release -rd
- And the strange thing is that I'm getting this error every fifth click
- on my website.
+ Description: Ubuntu 14.04.5 LTS
+ Release: 14.04
- From my conf file:
+ OpenSSL version 1.1.0f
- SSLEngine on
- SSLCertificateFile /etc/letsencrypt/live/mywebsite/cert.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite/privkey.pem
- Include /etc/letsencrypt/options-ssl-apache.conf
- SSLCertificateChainFile /etc/letsencrypt/live/mywebsite/chain.pem
- SSLCompression off
-
- from options-ssl-apache.conf;
+ Our options-ssl-apache.conf;
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on
SSLCompression off
- I have checked log file from website but nothing, also nothing here;
- /var/log/apache2/error.log
+ We tried to manipulate and change CipherSuite but same error will appear
+ always.
- I'm trying to figure out what is causing this error, any ideas where can
- I find more info or even better, how to solve this problem?
-
- EDIT:
If I try openssl s_client -connect mywebsite.com:443, it will return:
I'm using: OpenSSL 1.1.0f
CONNECTED(00000003)
...
3073276480:error:1408F119:SSL routines:ssl3_get_record:decryption failed
or bad record mac:../ssl/record/ssl3_record.c:469:
apt-cache policy openssl
+
openssl:
- Installed: 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4
- Candidate: 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4
- Version table:
- *** 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4 0
- 500 http://ppa.launchpad.net/ondrej/apache2/ubuntu/ trusty/main i386 Packages
- 100 /var/lib/dpkg/status
- 1.1.0f-2~ubuntu14.04.1+deb.sury.org+1 0
- 500 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main i386 Packages
- 1.0.1f-1ubuntu2.22 0
- 500 http://si.archive.ubuntu.com/ubuntu/ trusty-updates/main i386 Packages
- 500 http://security.ubuntu.com/ubuntu/ trusty-security/main i386 Packages
- 1.0.1f-1ubuntu2 0
- 500 http://si.archive.ubuntu.com/ubuntu/ trusty/main i386 Packages
-
- lsb_release -rd
-
- Description: Ubuntu 14.04.5 LTS
- Release: 14.04
+ Installed: 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4
+ Candidate: 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4
+ Version table:
+ *** 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4 0
+ 500 http://ppa.launchpad.net/ondrej/apache2/ubuntu/ trusty/main i386 Packages
+ 100 /var/lib/dpkg/status
+ 1.1.0f-2~ubuntu14.04.1+deb.sury.org+1 0
+ 500 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main i386 Packages
+ 1.0.1f-1ubuntu2.22 0
+ 500 http://si.archive.ubuntu.com/ubuntu/ trusty-updates/main i386 Packages
+ 500 http://security.ubuntu.com/ubuntu/ trusty-security/main i386 Packages
+ 1.0.1f-1ubuntu2 0
+ 500 http://si.archive.ubuntu.com/ubuntu/ trusty/main i386 Packages
- I have tried so many things but no solution yet, so I think this is a possible bug.
-
- Full debate about this issue is here:
- https://serverfault.com/questions/859987/im-getting-error-ssl3-get-
- recorddecryption-failed-or-bad-record-mac
+ Full debate about this issue is here (also some other users suspected a bug): https://serverfault.com/questions/859987/im-getting-error-ssl3-get-recorddecryption-failed-or-bad-record-mac
** Description changed:
Adter so many tries to solve this issue we were unable to find a
solution. So from that point we assumed that it can be a possible bug.
It was tested on Apache/2.4.27
lsb_release -rd
Description: Ubuntu 14.04.5 LTS
Release: 14.04
OpenSSL version 1.1.0f
Our options-ssl-apache.conf;
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on
SSLCompression off
We tried to manipulate and change CipherSuite but same error will appear
always.
-
If I try openssl s_client -connect mywebsite.com:443, it will return:
-
- I'm using: OpenSSL 1.1.0f
CONNECTED(00000003)
...
3073276480:error:1408F119:SSL routines:ssl3_get_record:decryption failed
or bad record mac:../ssl/record/ssl3_record.c:469:
+
apt-cache policy openssl
openssl:
Installed: 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4
Candidate: 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4
Version table:
*** 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4 0
500 http://ppa.launchpad.net/ondrej/apache2/ubuntu/ trusty/main i386 Packages
100 /var/lib/dpkg/status
1.1.0f-2~ubuntu14.04.1+deb.sury.org+1 0
500 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main i386 Packages
1.0.1f-1ubuntu2.22 0
500 http://si.archive.ubuntu.com/ubuntu/ trusty-updates/main i386 Packages
500 http://security.ubuntu.com/ubuntu/ trusty-security/main i386 Packages
1.0.1f-1ubuntu2 0
500 http://si.archive.ubuntu.com/ubuntu/ trusty/main i386 Packages
-
- Full debate about this issue is here (also some other users suspected a bug): https://serverfault.com/questions/859987/im-getting-error-ssl3-get-recorddecryption-failed-or-bad-record-mac
+ Full debate about this issue is here (also some other users suspected a
+ bug): https://serverfault.com/questions/859987/im-getting-error-ssl3
+ -get-recorddecryption-failed-or-bad-record-mac
** Summary changed:
- I'm getting error: SSL3_GET_RECORD:decryption failed or bad record mac
+ SSL3_GET_RECORD:decryption failed or bad record mac
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1704585
Title:
SSL3_GET_RECORD:decryption failed or bad record mac
Status in openssl package in Ubuntu:
New
Bug description:
Adter so many tries to solve this issue we were unable to find a
solution. So from that point we assumed that it can be a possible bug.
It was tested on Apache/2.4.27
lsb_release -rd
Description: Ubuntu 14.04.5 LTS
Release: 14.04
OpenSSL version 1.1.0f
Our options-ssl-apache.conf;
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on
SSLCompression off
We tried to manipulate and change CipherSuite but same error will
appear always.
If I try openssl s_client -connect mywebsite.com:443, it will return:
CONNECTED(00000003)
...
3073276480:error:1408F119:SSL routines:ssl3_get_record:decryption
failed or bad record mac:../ssl/record/ssl3_record.c:469:
apt-cache policy openssl
openssl:
Installed: 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4
Candidate: 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4
Version table:
*** 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4 0
500 http://ppa.launchpad.net/ondrej/apache2/ubuntu/ trusty/main i386 Packages
100 /var/lib/dpkg/status
1.1.0f-2~ubuntu14.04.1+deb.sury.org+1 0
500 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main i386 Packages
1.0.1f-1ubuntu2.22 0
500 http://si.archive.ubuntu.com/ubuntu/ trusty-updates/main i386 Packages
500 http://security.ubuntu.com/ubuntu/ trusty-security/main i386 Packages
1.0.1f-1ubuntu2 0
500 http://si.archive.ubuntu.com/ubuntu/ trusty/main i386 Packages
Full debate about this issue is here (also some other users suspected
a bug): https://serverfault.com/questions/859987/im-getting-error-ssl3
-get-recorddecryption-failed-or-bad-record-mac
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1704585/+subscriptions
More information about the foundations-bugs
mailing list