[
https://issues.apache.org/jira/browse/TS-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Susan Hinrichs updated TS-3424:
-------------------------------
Attachment: ts-3424.diff
The patch in ts-3424.diff might fix things. To support blind tunnel from SSL
connection, we changed the SSL handshake to use a mem_buf BIO for reading. And
we read directly into an iobuffer. Thus we had the data to resend if we
decided to tunnel during the handshake.
But if the handshake succeeded, we needed to transition over to the simpler
socket BIO.
I think my buffer handling logic was wrong if handshake data was read into a
contiguous block in multiple chunks. I still need to write test code to
exercise that case. The attached patch does not make things any worse.
> SSL error: SSL3_GET_RECORD:decryption failed or bad record mac
> --------------------------------------------------------------
>
> Key: TS-3424
> URL: https://issues.apache.org/jira/browse/TS-3424
> Project: Traffic Server
> Issue Type: Bug
> Components: Core, SSL
> Reporter: Brian Geffon
> Assignee: Brian Geffon
> Attachments: ts-3424.diff
>
>
> Starting with 5.2.x we're seeing SSL_ERROR_SSL type errors in
> {{ssl_read_from_net}}, when calling OpenSSL's {{ERR_error_string_n}} we see
> the error is {{1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad
> record mac}}.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
