From nobody Mon Nov 6 20:07:02 2023 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SPMnz2WYtz4ywmS for ; Mon, 6 Nov 2023 20:07:19 +0000 (UTC) (envelope-from bc979@lafn.org) Received: from mail.sermon-archive.info (sermon-archive.info [47.181.130.121]) by mx1.freebsd.org (Postfix) with ESMTP id 4SPMny5NmTz3MXp for ; Mon, 6 Nov 2023 20:07:18 +0000 (UTC) (envelope-from bc979@lafn.org) Authentication-Results: mx1.freebsd.org; none Received: from smtpclient.apple (unknown [10.0.1.251]) by mail.sermon-archive.info (Postfix) with ESMTPSA id 4SPMnr2ZfYz2gF5D; Mon, 6 Nov 2023 12:07:12 -0800 (PST) From: Doug Hardie Message-Id: Content-Type: multipart/alternative; boundary="Apple-Mail=_60AD5DBA-7FED-4A6C-B22C-FE01A9487B41" List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\)) Subject: Re: Openssl errors on FreeBSD Date: Mon, 6 Nov 2023 12:07:02 -0800 In-Reply-To: Cc: Freebsd Questions To: iio7@tutanota.com References: X-Mailer: Apple Mail (2.3731.700.6) X-Virus-Scanned: clamav-milter 1.1.2 at mail X-Virus-Status: Clean X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:5650, ipnet:47.181.128.0/18, country:US] X-Rspamd-Queue-Id: 4SPMny5NmTz3MXp --Apple-Mail=_60AD5DBA-7FED-4A6C-B22C-FE01A9487B41 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > On Nov 6, 2023, at 07:06, iio7@tutanota.com wrote: >=20 >=20 >=20 >> This has nothing to do with FreeBSD and everything to do with the = openssl library. >> This error isn't present when I attempt to reproduce it here. >> My version of openssl is: OpenSSL 1.1.1t-freebsd 7 Feb 2023 >> What version are you attempting this with? >>=20 > That is what I suspected. I fails on both boxes running the same = version of FreeBSD and OpenSSL. > $ openssl version > OpenSSL 1.1.1t-freebsd 7 Feb 2023 >=20 > $ curl -O = https://www.unixsheikh.com/includes/files/the-biggest-myths.pdf > % Total % Received % Xferd Average Speed Time Time Time = Current > Dload Upload Total Spent Left = Speed > 4 763k 4 32639 0 0 265k 0 0:00:02 --:--:-- = 0:00:02 267k > curl: (56) OpenSSL SSL_read: OpenSSL/1.1.1t: error:1408F119:SSL = routines:ssl3_get_record:decryption failed or bad record mac, errno 0 >=20 > $ uname -a > FreeBSD 13.2-RELEASE-p4 FreeBSD 13.2-RELEASE-p4 GENERIC amd64 >=20 > On the OpenBSD box: >=20 > $ openssl version > LibreSSL 3.8.2 >=20 > $ curl -O = https://www.unixsheikh.com/includes/files/the-biggest-myths.pdf=20 > % Total % Received % Xferd Average Speed Time Time Time = Current > Dload Upload Total Spent Left = Speed > 100 763k 100 763k 0 0 1730k 0 --:--:-- --:--:-- = --:--:-- 1740k >=20 > I am not sure how to progress from here. You might try: openssl s_client -connect www.unixsheikh.com:443 = and see what it reports. Warning, s_client generates a lot of = diagnostic data during connection. -- Doug --Apple-Mail=_60AD5DBA-7FED-4A6C-B22C-FE01A9487B41 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii
On Nov 6, 2023, = at 07:06, iio7@tutanota.com wrote:



This has nothing to do with FreeBSD and everything to do = with the openssl library.
This error isn't present when I attempt to = reproduce it here.
My version of openssl is:  OpenSSL = 1.1.1t-freebsd  7 Feb 2023
What version are you attempting this = with?

That is what I suspected. I fails on both = boxes running the same version of FreeBSD and OpenSSL.
$ openssl = version
OpenSSL 1.1.1t-freebsd  7 Feb 2023

$ curl -O = https://www.unixsheikh.com/includes/files/the-biggest-myths.pdf
  = % Total    % Received % Xferd  Average = Speed   Time    Time     = Time  = Current
          &nb= sp;            = ;          Dload  = Upload   Total   Spent    Left  = Speed
  4  763k    4 32639    = 0     0   = 265k      0  0:00:02 --:--:--  = 0:00:02  267k
curl: (56) OpenSSL SSL_read: OpenSSL/1.1.1t: = error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad = record mac, errno 0

$ uname -a
FreeBSD 13.2-RELEASE-p4 FreeBSD = 13.2-RELEASE-p4 GENERIC amd64

On the OpenBSD box:

$ = openssl version
LibreSSL 3.8.2

$ curl -O = https://www.unixsheikh.com/includes/files/the-biggest-myths.pdf 
&= nbsp; % Total    % Received % Xferd  Average = Speed   Time    Time     = Time  = Current
          &nb= sp;            = ;          Dload  = Upload   Total   Spent    Left  = Speed
100  763k  100  763k    = 0     0  1730k      0 = --:--:-- --:--:-- --:--:-- 1740k

I am not sure how to progress = from here.

You might = try:

openssl s_client -connect www.unixsheikh.com:443

and see what it reports.  Warning, s_client = generates a lot of diagnostic data during = connection.

-- = Doug


= --Apple-Mail=_60AD5DBA-7FED-4A6C-B22C-FE01A9487B41--