On Sat, Nov 03, 2018 at 11:12:37AM +0100, Julien Lecomte wrote: > Package: openssl > Version: 1.1.1-2 > Severity: serious > Justification: makes unrelated software on the system (or the whole system) > break > > Dear Maintainer, > > On a fresh install of Debian/Buster via the alpha3 dvd ISO, when I try to > access some SSL URLs, openssl fails to download said resource. > > ~~~bash > julien@desktop:/tmp$ curl > https://download.lenovo.com/pccbbs/mobiles/n1wuj23w.exe --output file > % Total % Received % Xferd Average Speed Time Time Time > Current > Dload Upload Total Spent Left Speed > 0 8169k 0 27800 0 0 268k 0 0:00:30 --:--:-- 0:00:30 268k > curl: (56) OpenSSL SSL_read: error:1408F119:SSL > routines:ssl3_get_record:decryption failed or bad record mac, errno 0 > ~~~ > > URL above issues error "/tmp/mozilla_julien0/5wQP3KKa.bin.part could not be > saved, because the source file could not be read." under firefox-esr.
It works for me. Are you saying it gives an error both with firefox and curl? Then it would be 2 different TLS implementaitons saying something is wrong. Does it work when you add --tls-max 1.2? I suspect there is some middlebox that breaks things for you. Kurt
