Hello, Attached patch solving the problem with OpenSSL 1.0.0 and more recent versions, including recent git snapshot.
Error: SSL_read() failed (SSL: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac) See more information to reproduce error: http://trac.nginx.org/nginx/ticket/215 http://mailman.nginx.org/pipermail/nginx-devel/2013-October/004385.html Thanks
>From 4a56fe7c2bebc029cee4ad1445c440f66ed038bc Mon Sep 17 00:00:00 2001 From: Aleksey Samsonov <[email protected]> Date: Mon, 17 Feb 2014 06:08:26 +0400 Subject: [PATCH] Don't release read buffer if read-ahead left Fix error: SSL_read() failed (SSL: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac) More information to reproduce: http://trac.nginx.org/nginx/ticket/215 http://mailman.nginx.org/pipermail/nginx-devel/2013-October/004385.html --- ssl/s3_pkt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index b9e45c7..30b74c2 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1335,7 +1335,8 @@ start: s->rstate=SSL_ST_READ_HEADER; rr->off=0; if (s->mode & SSL_MODE_RELEASE_BUFFERS) - ssl3_release_read_buffer(s); + if (s->s3->rbuf.left == 0) /* no read-ahead left? */ + ssl3_release_read_buffer(s); } } return(n); -- 1.8.4
