Posted something similar to -users but I thought it might make more sense here on -dev, I apologize if that's not the case:
Recently (within last month or so), we started randomly getting this error in the middle of active long-duration connections (connection having been open minutes to hours with application traffic minimally every 60s): error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac It seems to occur during bursty traffic periods. The only recent change to our application in a way that changes the utilization of OpenSSL (other than perhaps timing differences) was to set cipher preferences to server instead of client via: SSL_CTX_set_options( ssl_ctx_server, SSL_OP_CIPHER_SERVER_PREFERENCE ); We did some searching and see a lot of discussion regarding this "decryption failed" error. Some search results indicate issues with utilizing AES (which is certainly a possibility given our cipher preference change). Some recent (2013) search results indicate a seemingly related issue fixed in 1.0.0e, however that's the version we're on. Some other results indicate this patch is related: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=32cc247 but the patch seems to be (just) prior to 1.0.0e, it's not clear. Anyone have any insight on this based on this admittedly small level of information? Thanks... Mark. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
