From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1MNyq1-00075c-3n for garchives@archives.gentoo.org; Tue, 07 Jul 2009 00:47:13 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B449EE0670; Tue, 7 Jul 2009 00:47:11 +0000 (UTC) Received: from nschwmtas05p.mx.bigpond.com (nschwmtas05p.mx.bigpond.com [61.9.189.149]) by pigeon.gentoo.org (Postfix) with ESMTP id 3A3CDE0670 for ; Tue, 7 Jul 2009 00:47:11 +0000 (UTC) Received: from nschwotgx01p.mx.bigpond.com ([124.189.38.11]) by nschwmtas05p.mx.bigpond.com with ESMTP id <20090707004709.ODJV1928.nschwmtas05p.mx.bigpond.com@nschwotgx01p.mx.bigpond.com> for ; Tue, 7 Jul 2009 00:47:09 +0000 Received: from tux.localnet ([124.189.38.11]) by nschwotgx01p.mx.bigpond.com with ESMTP id <20090707004708.GDED12022.nschwotgx01p.mx.bigpond.com@tux.localnet> for ; Tue, 7 Jul 2009 00:47:08 +0000 From: Paul Colquhoun To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] SSL giving corrupted MAC on input Date: Tue, 7 Jul 2009 10:47:06 +1000 User-Agent: KMail/1.11.4 (Linux/2.6.29-gentoo-r1; KDE/4.2.4; x86_64; ; ) References: <5f14cf5e0907060931l2b59bc8pc0c53e6c3a569790@mail.gmail.com> In-Reply-To: <5f14cf5e0907060931l2b59bc8pc0c53e6c3a569790@mail.gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200907071047.07065.paulcol@andor.dropbear.id.au> X-Authentication-Info: Submitted using SMTP AUTH PLAIN at nschwotgx01p.mx.bigpond.com from [124.189.38.11] using ID acol8118@bigpond.net.au at Tue, 7 Jul 2009 00:47:08 +0000 X-RPD-ScanID: Class unknown; VirusThreatLevel unknown, RefID str=0001.0A150205.4A529B0D.0002,ss=1,fgs=0 X-SIH-MSG-ID: qhkyE9b+TAD0zmR+0TexO1JwyFriqyB48Z4QX81loRMGT07duMDOJ4/2Y9kEnZ720y5MNhCBOWsgarzmXY/YiA== X-Archives-Salt: 1a6a55f7-869d-44a9-acd5-5c6b81735863 X-Archives-Hash: 164e25cdace403e190df5ff88995fbe0 On Tue, 7 Jul 2009 02:31:38 Simon wrote: > Hi there! > I'm getting this issue where even very small transfers through ssh > will cause this error message: Corrupted MAC on input. I've done my > homework and found out this is not necessarily related to the network > hardware as TCP would retransmit such corrupted packets, moreover the > error message is clearly related to ssh as googling proves this. > > A quick troubleshooting i've done was to setup apache and simply > wget a very large file over plain HTTP. Transfer worked, i did it a > second time and diff'ed the two downloads, they were the same. I then > did the same test over HTTPS and got an error > (SSL3_GET_RECORD:decryption failed or bad record mac). This clarified > the problem is much more related to SSL than anything else. > > A quick glance at `emerge -vp openssl` showed an issue: it had been > compiled with sse2 support while this computer's cpu didnt support > that. Changed use flags and recompiled, restarted ssh and apache. > They both continued giving the same error. I finally rebooted the > machine, in case, but same issue still... The only use flag for > openssl now is zlib. What did you recompile? There may still be a library using the "sse2" flag. Have you tried using the "--newuse" or "--reinstall changed-use" emerge flags? -- Reverend Paul Colquhoun, ULC. http://andor.dropbear.id.au/~paulcol Before you criticize someone, you should walk a mile in their shoes. Then, when you do, you'll be a mile away, and you'll have their shoes.