Hi, The bad MAC (message authentication context) error is OpenSSL detecting a problem with the integrity of your communication layer. Normally this means that your packets are out of order or that you have lost some bytes.
Try doing a simple checksum of your encrypted data client and server side. You'll probably find that you've miscalculated a buffer size or something. Maybe you've got some packet fragmentation... David L > Message Received: Oct 03 2013, 07:30 PM > From: "Perrow, Graeme" <[email protected]> > To: "[email protected]" <[email protected]> > Cc: > Subject: decryption failed or bad record mac error on SSL connection > > > I am seeing an error on some SSL connections between two different Windows > machines. Both are using OpenSSL 1.0.1e. The error is: > > 3612:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad > record mac:.\ssl\s3_pkt.c:484: > > This shows up on a connection (the TLS client, if it matters) while > downloading a large amount of data (a 70 MB file). The amount of data I can > send/receive before the error happens differs but is rarely more than about > 400 KB. Some googling showed many reports saying this was related to AES-NI, > and that I should disable it using the OPENSSL_ia32cap environment variable, > but this did not fix the problem. Plus it seems that my version of OpenSSL > should contain the fix anyway. > > I'm using SSLv23_server_method() and SSL23_client_method() on the server and > client respectively. The opts I'm using are SSL_OP_ALL|SSL_OP_NO_SSLv2, and > the ciphers are "AES256-SHA:AES128-SHA:RC4-MD5". > > Anyone know what else might cause this problem or how I can avoid it? > > Graeme Perrow > > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
