Re: [gentoo-user] SSL giving corrupted MAC on input
> I'm running memtest86 on that pc at the moment, i will Went through 1 pass with zero errors, I'll try some more passes in case later... > look more into > the flags (i havent checked in the /etc/portage/packages.use, there > might be some sse in there too that i missed). Checked all make.conf and /etc/portage/*, all use flags are fine according to me, masks are good too (not masking any deps of ssh), keywords are good (same, not using unstable stuff for any deps of ssh). > Since this pc is not connected to the net, i used to sync it through > ssh, so it has not been sync'ed in a while now... i'll try to manage > to sync it (maybe tar /usr/portage and netcat that over, dunno...). Well, i actually did the following command on both my up2date laptop and this outdated pc: emerge -e -p openssh > somefile Then copied the file over to my laptop and compared differences: hideo ~ # diff --suppress-common-lines -y ./hideo_openssh_fullemerge.txt wmslave_openssh_fullemerge.txt Calculating dependencies ... done!| Calculating dependencies ... done! [ebuild R ] app-admin/eselect-python-20090606 < > [ebuild R ] sys-apps/sed-4.1.5-r1 [ebuild R ] sys-apps/sed-4.2 < [ebuild R ] dev-lang/python-2.5.4-r3 | [ebuild R ] dev-lang/python-2.5.4-r2 [ebuild R ] app-admin/eselect-1.1.1 | [ebuild R ] app-admin/eselect-1.0.12 sorry the diff shows probably better if not wrapped at 80chars... but bottomline is i have an older version of python, sed and eselect on the outdated pc. Since i have nothing better to try at the moment, i will wipeout /usr/portage on the outdated pc and copy my laptops over using wget (i hope apache supports resuming downloads by default, in case!)... Thanks again!...
Re: [gentoo-user] SSL giving corrupted MAC on input
> What did you recompile? There may still be a library using the "sse2" flag. > > Have you tried using the "--newuse" or "--reinstall changed-use" emerge flags? Well, since all my problem were related to the use of ssh, i did a full: emerge -e openssh (took a 2 days on that super old pc, while shutdown for the night) I tried doing an full update after: emerge -uDN world emerge --depclean revdep-rebuild Then i tryied copying files through ssh and got same issue again. I also tried with a usb adapter, got the same issue. Again, i remind i tried transfering without ssh (ie using http or netcat) and it works top shape. I'm running memtest86 on that pc at the moment, i will look more into the flags (i havent checked in the /etc/portage/packages.use, there might be some sse in there too that i missed). Since this pc is not connected to the net, i used to sync it through ssh, so it has not been sync'ed in a while now... i'll try to manage to sync it (maybe tar /usr/portage and netcat that over, dunno...). I'll post again with results of these last few checks later today... Thanks!
Re: [gentoo-user] SSL giving corrupted MAC on input
On Tue, 7 Jul 2009 02:31:38 Simon wrote: > Hi there! > I'm getting this issue where even very small transfers through ssh > will cause this error message: Corrupted MAC on input. I've done my > homework and found out this is not necessarily related to the network > hardware as TCP would retransmit such corrupted packets, moreover the > error message is clearly related to ssh as googling proves this. > > A quick troubleshooting i've done was to setup apache and simply > wget a very large file over plain HTTP. Transfer worked, i did it a > second time and diff'ed the two downloads, they were the same. I then > did the same test over HTTPS and got an error > (SSL3_GET_RECORD:decryption failed or bad record mac). This clarified > the problem is much more related to SSL than anything else. > > A quick glance at `emerge -vp openssl` showed an issue: it had been > compiled with sse2 support while this computer's cpu didnt support > that. Changed use flags and recompiled, restarted ssh and apache. > They both continued giving the same error. I finally rebooted the > machine, in case, but same issue still... The only use flag for > openssl now is zlib. What did you recompile? There may still be a library using the "sse2" flag. Have you tried using the "--newuse" or "--reinstall changed-use" emerge flags? -- Reverend Paul Colquhoun, ULC.http://andor.dropbear.id.au/~paulcol Before you criticize someone, you should walk a mile in their shoes. Then, when you do, you'll be a mile away, and you'll have their shoes.
[gentoo-user] SSL giving corrupted MAC on input
Hi there! I'm getting this issue where even very small transfers through ssh will cause this error message: Corrupted MAC on input. I've done my homework and found out this is not necessarily related to the network hardware as TCP would retransmit such corrupted packets, moreover the error message is clearly related to ssh as googling proves this. A quick troubleshooting i've done was to setup apache and simply wget a very large file over plain HTTP. Transfer worked, i did it a second time and diff'ed the two downloads, they were the same. I then did the same test over HTTPS and got an error (SSL3_GET_RECORD:decryption failed or bad record mac). This clarified the problem is much more related to SSL than anything else. A quick glance at `emerge -vp openssl` showed an issue: it had been compiled with sse2 support while this computer's cpu didnt support that. Changed use flags and recompiled, restarted ssh and apache. They both continued giving the same error. I finally rebooted the machine, in case, but same issue still... The only use flag for openssl now is zlib. What is also pretty strange about the issue, is i haven't touched the kernel in a long time and i usually do all my gentoo updates on monday. The problem must have happened since last monday's updates, but i dont monitor those very much, all i care is everything went fine and that revdep-rebuild says i'm good to go. I've done many emerges since then so i cant figure out a way to see what has been updated recently. A bit of background: That PC runs kernel 2.6.24, it's my slowest pc (used for backups mostly) P3 @ 450Mhz, it's got 128MB of ram. Some programes have been unmasked, but none that have any relationship with openssl are, everything dealing with that is stable. Doing `find /usr/portage/distfiles -ctime -10` (should give me the files downloaded within last 10 days, right?) it shows a few files but glibc is the only that i can see has relationship with issue... Anyone can help troubleshoot some more?