public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
From: Simon <turner25@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] SSL giving corrupted MAC on input
Date: Mon, 6 Jul 2009 12:31:38 -0400	[thread overview]
Message-ID: <5f14cf5e0907060931l2b59bc8pc0c53e6c3a569790@mail.gmail.com> (raw)

Hi there!
  I'm getting this issue where even very small transfers through ssh
will cause this error message:  Corrupted MAC on input.  I've done my
homework and found out this is not necessarily related to the network
hardware as TCP would retransmit such corrupted packets, moreover the
error message is clearly related to ssh as googling proves this.

  A quick troubleshooting i've done was to setup apache and simply
wget a very large file over plain HTTP.  Transfer worked, i did it a
second time and diff'ed the two downloads, they were the same.  I then
did the same test over HTTPS and got an error
(SSL3_GET_RECORD:decryption failed or bad record mac). This clarified
the problem is much more related to SSL than anything else.

  A quick glance at `emerge -vp openssl` showed an issue:  it had been
compiled with sse2 support while this computer's cpu didnt support
that.  Changed use flags and recompiled, restarted ssh and apache.
They both continued giving the same error.  I finally rebooted the
machine, in case, but same issue still...  The only use flag for
openssl now is zlib.

  What is also pretty strange about the issue, is i haven't touched
the kernel in a long time and i usually do all my gentoo updates on
monday.  The problem must have happened since last monday's updates,
but i dont monitor those very much, all i care is everything went fine
and that revdep-rebuild says i'm good to go.  I've done many emerges
since then so i cant figure out a way to see what has been updated
recently.

  A bit of background:  That PC runs kernel 2.6.24, it's my slowest pc
(used for backups mostly) P3 @ 450Mhz, it's got 128MB of ram.  Some
programes have been unmasked, but none that have any relationship with
openssl are, everything dealing with that is stable.  Doing `find
/usr/portage/distfiles -ctime -10` (should give me the files
downloaded within last 10 days, right?) it shows a few files but glibc
is the only that i can see has relationship with issue...

  Anyone can help troubleshoot some more?



             reply	other threads:[~2009-07-06 16:31 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-07-06 16:31 Simon [this message]
2009-07-06 16:43 ` [gentoo-user] Re: SSL giving corrupted MAC on input Simon
2009-07-07  0:47 ` [gentoo-user] " Paul Colquhoun
2009-07-20 18:59   ` Simon
2009-07-20 19:16     ` Simon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5f14cf5e0907060931l2b59bc8pc0c53e6c3a569790@mail.gmail.com \
    --to=turner25@gmail.com \
    --cc=gentoo-user@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox