This sounds suspiciously like a bug due to turning on compatibility with broken SSL implementations that was found and quashed about a week ago. If you turn off backward-compatibility (including MSIE broken SSL implementation), does the problem persist?
-Kyle H On 2/8/06, Michael Smith <[EMAIL PROTECTED]> wrote: > Hi there, > > A follow-up to my own post from last week. I've done some more digging - > hopefully this is enough for someone to offer some suggestions. > > I have been trying different versions of openssl with apache on solaris and > sun cc. With versions >= 0.9.7 (see below exact list of releases tested) I > get the following error when trying to connect with Firefox with SSL3: > > [Wed Feb 8 14:08:07 2006] [error] mod_ssl: SSL handshake failed (server > xxx:443, client 192.168.0.4) (OpenSSL library error follows) > [Wed Feb 8 14:08:07 2006] [error] OpenSSL: error:1408F455:SSL > routines:SSL3_GET_RECORD:decryption failed or bad record > mac > > And the browser displays a popup saying "incorrect Message Authentication > Code" > > Note that there are no problems whatsoever with IE, and that I can also get > things to work fine if I set firefox or the web server not to use SSL3. > > The exact versions of openssl that I have tested are: > > * openssl-0.9.6b: works fine > * openssl-0.9.6m: works fine > * openssl-0.9.7a: fails > * openssl-0.9.7e: fails > * openssl-0.9.7i: fails > * openssl-0.9.8: fails > * openssl-0.9.8-stable-SNAP-20060131: fails > > Any ideas would be greatfully received. Of course, using old versions of > openssl causes other problems ... > > Thank you > > Michael > > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
