Re: Unable to open https://www.mail-archive.com/, SSL issues with firefox, chromium, curl

Wed, 09 Sep 2020 14:35:24 -0700 

On Wed, Sep 09, 2020 at 09:35:34PM +0100, Stuart Henderson wrote:
> On 2020/09/09 20:31, Mikolaj Kucharski wrote:
> > Hi,
> > 
> > I see this problem with curl on two machines and firefox and chromium on
> > one as that's the only X11 environment which I have.
> > 
> > # curl -vs https://www.mail-archive.com/
> > *   Trying 72.52.77.8:443...
> > * Connected to www.mail-archive.com (72.52.77.8) port 443 (#0)
> > * ALPN, offering h2
> > * ALPN, offering http/1.1
> > * successfully set certificate verify locations:
> > *   CAfile: /etc/ssl/cert.pem
> >   CApath: none
> > * (304) (OUT), TLS handshake, Client hello (1):
> > * (304) (IN), TLS handshake, Server hello (2):
> > * (304) (IN), TLS handshake, Unknown (8):
> > * (304) (IN), TLS handshake, Certificate (11):
> > * (304) (IN), TLS handshake, CERT verify (15):
> > * error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt
> > * Closing connection 0
> > 
> > 
> > Chormium reports ERR_SSL_PROTOCOL_ERROR
> > Firefox reports SSL_ERROR_BAD_MAC_READ
> > 
> > With curl I see problem on:
> > 
> > OpenBSD 6.8-beta (GENERIC.MP) #64: Sun Sep  6 18:19:41 MDT 2020
> >     [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> 
> No problem here, on the same snapshot, with curl, ftp, firefox (I didn't
> try chrome).
> 

I tested my other non-graphical OpenBSD machines, which are
running exactly the same 6.8-beta and curl works fine there.

I couldn't find anything obvious which is different between those
machines which have working curl and those which don't have working
curl. The only thing which is different between them is geographical
location, which in turn means different ISP.

When I reported the problem both machines were connected to the internet
via LTE.

Without reboot, without any upgrade I moved affected machine to
different part of the building where there is another access point
connected to internet through different SIM card (also LTE internet)
and I had the same problem, curl failed.

Both SIM cards are from the same ISP, which is Play (P4 Sp. z o.o.,
AS39603). However both SIM cards are inserted into routers which are
from different vendors (PC Engines vs Huawei). Access points are also
different. So, in other words no common hardware type between those
two parts of the building.

I've enabled tethering on my mobile, which is using Orange, connected
OpenBSD to it and curl started to work O_o.

-- 
Regards,
 Mikolaj

Reply via email to