I have noticed this behavior myself and I was not able to trace the cause for it yet. It happens regardless of the openssl version used.
Adrian On Aug 11, 2012, at 12:35 AM, Jared Biel wrote: > Hello, > > We've been experiencing issues with one of our Opensips instances for > a few months. Every now and then it appears that we get a bad packet > that's part of TLS negotiation (Encrypted Handshake Message.) Opensips > rejects this packet by replying with 'Bad Record MAC'. What's > interesting is that sometimes this causes all subsequent TLS > connections/negotiations to fail yet other times Opensips survives it. > The only way that we've found to recover from this failure is to > restart the daemon and we haven't found a way to reproduce it. We do > have packet captures containing the "bad" packets. > > Has anyone out there experienced this issue? We've seen it across > different servers, operating systems and Opensips versions. > > Log output: > > [2012-08-10 18:38:01.08] [opensips] ERROR:core:tls_accept: New TLS > connection from 1.2.3.4:1029 failed to accept: rejected by client > [2012-08-10 18:38:01.08] [opensips] WARNING:core:fm_free: free(0) called > [2012-08-10 18:38:01.08] [opensips] ERROR:core:tls_accept: New TLS > connection from 1.2.3.4:1032 failed to accept: rejected by client > [2012-08-10 18:38:01.08] [opensips] WARNING:core:fm_free: free(0) called > ... > [2012-08-10 18:38:13.72] [opensips] ERROR:core:_tls_read: TLS > connection to 9.3.3.4:35951 read failed > [2012-08-10 18:38:13.72] [opensips] ERROR:core:_tls_read: TLS read error: 1 > [2012-08-10 18:38:13.73] [opensips] ERROR:core:tls_print_errstack: TLS > errstack: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption > failed or bad record mac > [2012-08-10 18:38:13.73] [opensips] ERROR:core:tcp_read_req: failed to read > > Versions: > > Opensips: 1.8.0 > Kernel: 3.2.0-26-virtual (Ubuntu 12.04) > Openssl: 1.0.1-4ubuntu5.3 > > Thanks, > Jared Biel > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
