[
https://issues.apache.org/jira/browse/TS-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14357630#comment-14357630
]
Brian Geffon commented on TS-3424:
----------------------------------
Alright, I have more info, it seems related to Diffie Hellman, changing my
cipher suite to remove all DHE ciphers seems to have dropped the error rate
substantially, this also makes sense because we have new code to enable DHE
settings.
> SSL error: SSL3_GET_RECORD:decryption failed or bad record mac
> --------------------------------------------------------------
>
> Key: TS-3424
> URL: https://issues.apache.org/jira/browse/TS-3424
> Project: Traffic Server
> Issue Type: Bug
> Components: Core, SSL
> Reporter: Brian Geffon
> Assignee: Brian Geffon
> Fix For: 6.0.0
>
> Attachments: ts-3424-2.diff, ts-3424-3.diff, ts-3424-for-52-2.diff,
> ts-3424-for-52.diff, ts-3424.diff, undo-handshake-buffer.diff
>
>
> Starting with 5.2.x we're seeing SSL_ERROR_SSL type errors in
> {{ssl_read_from_net}}, when calling OpenSSL's {{ERR_error_string_n}} we see
> the error is {{1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad
> record mac}}.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
