Gentoo Archives: gentoo-user

From: Simon <turner25@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] SSL giving corrupted MAC on input
Date: Mon, 06 Jul 2009 16:31:42
Message-Id: 5f14cf5e0907060931l2b59bc8pc0c53e6c3a569790@mail.gmail.com

Hi there!
I'm getting this issue where even very small transfers through ssh
will cause this error message: Corrupted MAC on input. I've done my
homework and found out this is not necessarily related to the network
hardware as TCP would retransmit such corrupted packets, moreover the
error message is clearly related to ssh as googling proves this.

A quick troubleshooting I've done was to set up apache and simply
wget a very large file over plain HTTP. Transfer worked, I did it a
second time and diff'ed the two downloads, they were the same. I then
did the same test over HTTPS and got an error
(SSL3_GET_RECORD:decryption failed or bad record mac). This clarified
the problem is much more related to SSL than anything else.

A quick glance at `emerge -vp openssl` showed an issue: it had been
compiled with sse2 support while this computer's CPU didn't support
that. Changed use flags and recompiled, restarted ssh and apache.
They both continued giving the same error. I finally rebooted the
machine, in case, but same issue still... The only use flag for
openssl now is zlib.

What is also pretty strange about the issue is I haven't touched
the kernel in a long time and I usually do all my gentoo updates on
Monday. The problem must have happened since last Monday's updates,
but I don't monitor those very much, all I care is everything went fine
and that revdep-rebuild says I'm good to go. I've done many emerges
since then so I can't figure out a way to see what has been updated
recently.

A bit of background: That PC runs kernel 2.6.24, it's my slowest PC
(used for backups mostly) P3 @ 450MHz, it's got 128MB of RAM. Some
programs have been unmasked, but none that have any relationship with
openssl are, everything dealing with that is stable. Doing `find
/usr/portage/distfiles -ctime -10` (should give me the files
downloaded within last 10 days, right?) it shows a few files but glibc
is the only that I can see has relationship with issue...

Anyone can help troubleshoot some more?

Replies

Subject Author
[gentoo-user] Re: SSL giving corrupted MAC on input Simon <turner25@×××××.com>
Re: [gentoo-user] SSL giving corrupted MAC on input Paul Colquhoun <paulcol@×××××××××××××××××.au>