[openssl-dev] [openssl.org #3851] bug report; error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

Gola, Shailender K shailender.gola at verizon.com
Mon May 18 22:45:56 UTC 2015 

Thanks for the timely response... below is version we are using. I also must point out that we are currently using 0.9.8g for several years, I tried to upgrade to .9.8zf, and several 1.0.x versions and had the same error. The "./Configure solaris-x86-cc" was used to install openssl. Also below is 0.9.8g version which is in use currently. 

This is the version with issue (also 0.9.8zf and several 1.0.x has same errors)

/home/v316509/ssl/openssl-1.0.2a/apps>./openssl version -a
OpenSSL 1.0.2a 19 Mar 2015
built on: reproducible build, date unspecified
platform: solaris-sparcv9-cc
options:  bn(64,32) rc4(ptr,char) des(ptr,risc1,16,long) idea(int) blowfish(ptr) 
compiler: cc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/local/ssl"
/home/v316509/ssl/openssl-1.0.2a/apps>


This is the version in use with no issues :

/home/v336761/openssl/openssl-0.9.8g/apps>./openssl version -a
OpenSSL 0.9.8g 19 Oct 2007
built on: Mon May 18 18:14:46 EDT 2015
platform: solaris-x86-cc
options: bn(64,32) md2(int) rc4(ptr,char) des(ptr,cisc,16,long) idea(int) blowfish(ptr) 
compiler: cc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fast -O -Xa
OPENSSLDIR: "/home/v336761/openssl/openssl-0.9.8g"



-----Original Message-----
From: Andy Polyakov via RT [mailto:rt at openssl.org] 
Sent: Monday, May 18, 2015 4:55 PM
To: Gola, Shailender K
Cc: openssl-dev at openssl.org
Subject: Re: [openssl-dev] [openssl.org #3851] bug report; error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

> I am getting following error connecting to a server running on Solaris 10 only from other platform (Linux, HP, Windows). Connection is dropped by Solaris server after 1408F119 error.
> 
> error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad 
> record mac
> 
> (this is also true in all other version which support SHA2 and 
> TLS1/1.1/1.2, i.e. 0.9.8zf)
> 
> client side gets : error:140943FC:SSL routines:ssl3_read_bytes:sslv3 
> alert bad record mac
> 
> All platforms are using openssl 1.0.2a.

Including SPARC Solaris one? Is it correctly understood? If so, you probably have compiled it yourself. In such case, which compiler and next question would be how do we know it's not a compiler bug? Or in other words question is if you can confirm that problem persists even if you drop optimization level [when compiling OpenSSL].

> There are no issues connecting to/from other platforms except to server running on Solaris.
> 
> /home/v316509>cat /etc/release
> Solaris 10 11/06 s10s_u3wos_10 SPARC
> Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
> Use is subject to license terms.
> Assembled 14 November 2006
> 
> /home/v316509>uname -a
> SunOS uittqda1 5.10 Generic_148888-05 sun4u sparc SUNW,Sun-Fire-V240

Provide even output from 'openssl version -a'.

More information about the openssl-dev mailing list