Topic: SSL3 alert read:fatal:bad record mac
Author
domme



Joined: 02 Oct 2012
Posts: 1
Location: Germany, Dortmund

Posted: Tue 02 Oct '12 10:50    Post subject: SSL3 alert read:fatal:bad record mac

Hi,

I have an issue with an SSL connection to my Backend Server.

The environment:
SUSE Linux Enterprise Server 11 SP1 (x86_64) - Kernel \r (\l)
module mod_proxy
apache version OpenSSL 0.9.8j-fips 07 Jan 2009
Linux
HA openais
The backend server only listens to https.

After installing a new vhost I get the following error message:

tested with openssl s_client -connect X.X.X.X:443 -state -debug

SSL3 alert read:fatal:bad record mac
SSL_connect:failed in SSLv3 read finished A
3449:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1094:SSL alert number 20
3449:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

When I test with the following string and ssl3 is forced, then all works fine.

openssl s_client -connect X.X.X.X:443 -state -debug -ssl3

SSL handshake has read 5449 bytes and written 441 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : DES-CBC3-SHA
Session-ID: D5EA42EB237C503BAFAFF34B191D420F
Session-ID-ctx:
Master-Key: E410C8A5B32A39F76XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Key-Arg : None
Start Time: 1349167264
Timeout : 7200 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
read from 0x67c420 [0x698a80] (5 bytes => 5 (0x5))
0000 - 15 03 00 00 18 .....
read from 0x67c420 [0x698a85] (24 bytes => 24 (0x18))
0000 - 72 31 30 db dc 3c 81 c9-e6 1c dd f3 ab fa 78 bb r10..<........x.
0010 - 3a 25 1e 0e df f8 74 0a- :%....t.
SSL3 alert read:warning:close notify
closed
write to 0x67c420 [0x69d290] (29 bytes => 29 (0x1D))
0000 - 15 03 00 00 18 66 fc fb-6f 6f 48 58 bb 0d d7 e5 .....f..ooHX....
0010 - 33 3f 8b 61 f8 99 8d 33-89 a8 15 9b 5b 3?.a...3....[
SSL3 alert write:warning:close notify

Any idea how to enforce ssl3 instead of sslv2/sslv3?
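The `-debug` dump in the post above shows raw record-layer bytes such as `15 03 00 00 18`. The following is an added example, not part of the original post, that reassembles those bytes per direction and decodes each 5-byte record header (content type, version, length). It assumes SSLv3/TLS record framing only (an SSLv2-format hello is not parsed), and the sample dump is constructed; once a cipher is active the alert body is encrypted, so only the header is readable.

```python
import re

# Record-layer content types and versions (same values in SSL 3.0 and TLS 1.x).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
IO_LINE = re.compile(r"^(read from|write to) \S+ \[\S+\] \(\d+ bytes => (-?\d+)")
HEX_LINE = re.compile(r"^[0-9a-f]{4} - (.*)$")

# Constructed sample in the layout `openssl s_client -debug` prints; payload bytes are made up.
SAMPLE = """\
read from 0x1000 [0x2000] (5 bytes => 5 (0x5))
0000 - 15 03 00 00 18                                    .....
read from 0x1000 [0x2005] (24 bytes => 24 (0x18))
0000 - a0 a1 a2 a3 a4 a5 a6 a7-a8 a9 aa ab ac ad ae af   ................
0010 - b0 b1 b2 b3 b4 b5 b6 b7-                          ........
write to 0x1000 [0x3000] (29 bytes => 29 (0x1D))
0000 - 15 03 00 00 18 c0 c1 c2-c3 c4 c5 c6 c7 c8 c9 ca   ................
0010 - cb cc cd ce cf d0 d1 d2-d3 d4 d5 d6 d7            .............
"""

def byte_streams(dump):
    """Reassemble the logged bytes per direction, ignoring the ASCII column."""
    streams, direction, remaining = {"read": bytearray(), "write": bytearray()}, None, 0
    for line in (l.strip() for l in dump.splitlines()):
        io, hx = IO_LINE.match(line), HEX_LINE.match(line)
        if io:
            direction, remaining = io.group(1).split()[0], max(int(io.group(2)), 0)
        elif hx and remaining:
            pairs = re.findall(r"[0-9a-f]{2}(?=[ -]|$)", hx.group(1))[:min(16, remaining)]
            streams[direction] += bytes.fromhex("".join(pairs))
            remaining -= len(pairs)
    return streams

def records(dump):
    """Walk each stream as 5-byte header (type, major, minor, length) plus body."""
    out = []
    for direction, data in byte_streams(dump).items():
        pos = 0
        while pos + 5 <= len(data) and data[pos] in CONTENT_TYPES:
            length = int.from_bytes(data[pos + 3:pos + 5], "big")
            out.append({"direction": direction, "type": CONTENT_TYPES[data[pos]],
                        "version": VERSIONS.get((data[pos + 1], data[pos + 2]), "unknown"),
                        "length": length, "complete": pos + 5 + length <= len(data)})
            pos += 5 + length
    return out

if __name__ == "__main__":
    for rec in records(SAMPLE):
        print(rec)
```

A header of `15 03 00 00 18` therefore reads as an alert record, SSLv3, with a 24-byte body, which matches the 24-byte read that follows it in the dump.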
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

Posted: Thu 04 Oct '12 15:07

Do you get that message only with your openssl test or also in the browser and/or in the apache error log?