> From: owner-openssl-us...@openssl.org On Behalf Of Biswatosh > Sent: Monday, 03 August, 2009 10:32
> 1)Does openssl accept that this is their bug? It looks to get > manifested when lot of load is there. This is not consistent > in my case. > I don't recall any specific bug affecting this, but 9.6i is long before my time. All versions of OpenSSL do rely on the application to provide correct locking primitives. > 3) Why does this problem happen? If this happens > consistently, this could be because of incorrect key > certificate pair. But, in my case, it can happen any time but > not all time. > No, a (PK)keypair or certificate error would only be during handshake/negotiation. The get_record/datacrypto+MAC logic uses (only) the symmetric keys determined from negotiation. Intermittent occurence sounds like a multithreading/concurrency error. Which in general are very hard to debug. I would suggest you move up to the most recent version you can and see if it helps; even if not, it should make it easier to discuss specific symptoms with more people (i.e. developers). What details can you get when the problem occurs? Can you (have it) core-dump? Can you create the problem in a process under a debugger? Alternatively, it's a very crude "solution" but: can you just eliminate or reduce multithreading? That might prevent the bug from being triggered. Hardware is mostly cheap nowadays. > > From: Biswatosh <biswatosh2...@yahoo.com> > > Subject: Help Please....SSL3_GET_RECORD error > > My multithreaded application uses openssl 9.6i and sometime gets > > error: > > > > "SSL Error: error:1408F455:SSL > > routines:SSL3_GET_RECORD:decryption failed or bad record mac." > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
