OpenSSL error: sslv3 alert bad record mac (fwd)

Jason A. Pfeil

May 12, 2004, 10:25:31 AM
Greetings List!

My apologies for cross-posting this request, however since I have
received exactly zero replies to this or my previous message, I fear that
my choice of list to send this to was wrong. To try and correct that
if necessary, and to hopefully receive some information, I have posted
this message to this list.

Please accept my apology if this message is not germane to this list,
but I have absolutely no idea what can cause this error, nor how to
remedy the problem. If anyone on this list can provide some information
or direction, I will be eternally grateful.

I wish everyone a pleasant day!

--
Jason A. Pfeil jason=at=jasonpfeil.com.NOSPAM

---------- Forwarded message ----------
Date: Tue, 4 May 2004 10:55:58 -0400 (EDT)
From: Jason A. Pfeil <pf...@jasonpfeil.com>
Reply-To: openss...@openssl.org
To: openss...@openssl.org
Subject: OpenSSL error: sslv3 alert bad record mac (fwd)

Hrm...I am curious if anyone on the list has any idea about what might
be going on with this error. I saw a prior thread that just ended over
a year ago with no resolution or explanation.

Thanks!

--
Jason A. Pfeil jason=at=jasonpfeil.com.NOSPAM

---------- Forwarded message ----------
Date: Thu, 22 Apr 2004 14:47:16 -0400 (EDT)
From: Jason A. Pfeil <pf...@jasonpfeil.com>
To: openss...@openssl.org
Subject: OpenSSL error: sslv3 alert bad record mac

Greetings, List!

I am having difficulty with pine connecting from one of my machines to
my SSL IMAP server. What happens is that when I start pine, it asks for
my password and I give it. It connects to the server and then tells me
that there was an error and the connection vanishes. Then I go back to
the folder list, reselect the folder, and voila! It works just fine.

When the first connection vanishes, I get this error in my logfile:

imapd-ssl: couriertls: read: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac

I have tracked this down with the courier-imap people and they can't
figure out the issue. I cannot replicate it with the exact same version
of pine and openssl on another box. I have rebuilt openssl *and* pine
on the affected box many times.

I am using pine 4.58 and openssl:

% openssl version
OpenSSL 0.9.7d 17 Mar 2004

Pine is linked against it:

% ldd /usr/bin/pine
libldap.so.2 => /usr/lib/libldap.so.2 (0x40036000)
liblber.so.2 => /usr/lib/liblber.so.2 (0x4006d000)
libresolv.so.2 => /lib/libresolv.so.2 (0x40079000)
libncurses.so.5 => /lib/libncurses.so.5 (0x4008b000)
libpam.so.0 => /lib/libpam.so.0 (0x400d0000)
libdl.so.2 => /lib/libdl.so.2 (0x400d8000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x400dc000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x400ef000)
libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x40155000)
libcom_err.so.3 => /usr/lib/libcom_err.so.3 (0x4024f000)
libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x40251000)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
libc.so.6 => /lib/libc.so.6 (0x40282000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x403b1000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x403c4000)


I am running gentoo linux and it is up to date as of a few days ago.

Any suggestions that anyone here may have will be *extremely* welcome.

Thanks!

--Jason

--
Jason A. Pfeil jason=at=jasonpfeil.com.NOSPAM
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List opens...@openssl.org
Automated List Manager majo...@openssl.org

David Maurus

May 13, 2004, 7:54:43 AM
Hi,

this (openssl-dev) is indeed the wrong list. openssl-users might be
better suited, but your problem seems to be application / configuration
related.

>imapd-ssl: couriertls: read: error:140943FC:SSL routines:
>SSL3_READ_BYTES:sslv3 alert bad record mac

I've had 'bad record mac' errors when I've tried to connect to an SSL v3
server;

- for the long story, see among others
http://www.mail-archive.com/opens...@openssl.org/msg11211.html

- or search for 'bad record mac' in the archive to see all related messages
http://www.mail-archive.com/opens...@openssl.org/

From the error message you've mentioned, your problem might be similar.
If so, it might help to look into the config files of your imap server
and pine, and make sure that you use TLS / SSL v3.1, and not limit usage
to SSLv3. And make sure to forbid the usage of SSL v2.0, as its usage
should be avoided (there are some attacks known against SSL v2.0).

Best Regards & Good luck,
David Maurus

Jason A. Pfeil wrote:

>Greetings List!
>
>My apologies for cross-posting this request, however since I have
>received exactly zero replies to this or my previous message, I fear that
>my choice of list to send this to was wrong. To try and correct that
>if necessary, and to hopefully receive some information, I have posted
>this message to this list.
>
>Please accept my apology if this message is not germane to this list,
>but I have absolutely no idea what can cause this error, nor how to
>remedy the problem. If anyone on this list can provide some information
>or direction, I will be eternally grateful.
>
>I wish everyone a pleasant day!
>
>
>

______________________________________________________________________
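
The log line quoted in this thread, decoded field by field, as an added example that is not part of the original posts. It assumes the packed error layout of OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason); the function names `decode_openssl_error` and `explain` are hypothetical.

```python
import re

# Packed error code layout in OpenSSL releases before 3.0 (ERR_PACK):
# 8-bit library, 12-bit function, 12-bit reason. Assumed here.
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number: alert received from peer

# Alert descriptions from the SSLv3 / TLS 1.0 specifications (subset).
ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    21: "decryption_failed", 22: "record_overflow", 40: "handshake_failure",
    42: "bad_certificate", 48: "unknown_ca", 70: "protocol_version",
}

LINE_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")

def decode_openssl_error(line):
    """Split an 'error:XXXXXXXX:lib:func:reason' string into its fields."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    info = {"lib": lib, "func": func, "reason": reason,
            "func_name": m.group(3), "text": m.group(4).strip(),
            "peer_alert": None}
    # SSL-library reasons at or above the offset encode an alert the peer sent.
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        number = reason - SSL_AD_REASON_OFFSET
        info["peer_alert"] = (number, ALERTS.get(number, "unknown"))
    return info

def explain(line):
    """One-line triage: did the peer send an alert, or did we fail locally?"""
    info = decode_openssl_error(line)
    if info is None:
        return "no OpenSSL error string found"
    if info["peer_alert"]:
        n, name = info["peer_alert"]
        return f"peer sent alert {n} ({name}); raised in {info['func_name']}"
    return f"local error, reason {info['reason']}; raised in {info['func_name']}"

# The log line from the thread, joined onto one line.
LOG = ("imapd-ssl: couriertls: read: error:140943FC:SSL routines:"
       "SSL3_READ_BYTES:sslv3 alert bad record mac")

if __name__ == "__main__":
    print(explain(LOG))
```

Because the reason field is 1000 + 20, the server-side log records an alert that arrived from the client: the record MAC check failed on pine's end of the connection, not inside couriertls.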
