Date: Mon, 6 Nov 2023 12:07:02 -0800 From: Doug Hardie <bc979@lafn.org> To: iio7@tutanota.com Cc: Freebsd Questions <freebsd-questions@freebsd.org> Subject: Re: Openssl errors on FreeBSD Message-ID: <BCF423EB-4285-420D-9E96-E69E4507A1C1@sermon-archive.info> In-Reply-To: <Ni_9sSl--B-9@tutanota.com> References: <NiX8klV--3-9@tutanota.com> <CAFbbPuiPGYoDX33Gu1qkGH=GYw9NgcFyNq4PXJDKYpE-SLjVpw@mail.gmail.com> <Ni_9sSl--B-9@tutanota.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_60AD5DBA-7FED-4A6C-B22C-FE01A9487B41 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > On Nov 6, 2023, at 07:06, iio7@tutanota.com wrote: >=20 >=20 >=20 >> This has nothing to do with FreeBSD and everything to do with the = openssl library. >> This error isn't present when I attempt to reproduce it here. >> My version of openssl is: OpenSSL 1.1.1t-freebsd 7 Feb 2023 >> What version are you attempting this with? >>=20 > That is what I suspected. I fails on both boxes running the same = version of FreeBSD and OpenSSL. > $ openssl version > OpenSSL 1.1.1t-freebsd 7 Feb 2023 >=20 > $ curl -O = https://www.unixsheikh.com/includes/files/the-biggest-myths.pdf > % Total % Received % Xferd Average Speed Time Time Time = Current > Dload Upload Total Spent Left = Speed > 4 763k 4 32639 0 0 265k 0 0:00:02 --:--:-- = 0:00:02 267k > curl: (56) OpenSSL SSL_read: OpenSSL/1.1.1t: error:1408F119:SSL = routines:ssl3_get_record:decryption failed or bad record mac, errno 0 >=20 > $ uname -a > FreeBSD 13.2-RELEASE-p4 FreeBSD 13.2-RELEASE-p4 GENERIC amd64 >=20 > On the OpenBSD box: >=20 > $ openssl version > LibreSSL 3.8.2 >=20 > $ curl -O = https://www.unixsheikh.com/includes/files/the-biggest-myths.pdf=20 > % Total % Received % Xferd Average Speed Time Time Time = Current > Dload Upload Total Spent Left = Speed > 100 763k 100 763k 0 0 1730k 0 --:--:-- --:--:-- = --:--:-- 1740k >=20 > I am not sure how to progress from here. You might try: openssl s_client -connect www.unixsheikh.com:443 = <http://www.unixsheikh.com:443/>; and see what it reports. Warning, s_client generates a lot of = diagnostic data during connection. -- Doug --Apple-Mail=_60AD5DBA-7FED-4A6C-B22C-FE01A9487B41 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii <html><head><meta http-equiv=3D"content-type" content=3D"text/html; = charset=3Dus-ascii"></head><body style=3D"overflow-wrap: break-word; = -webkit-nbsp-mode: space; line-break: = after-white-space;"><div><blockquote type=3D"cite"><div>On Nov 6, 2023, = at 07:06, iio7@tutanota.com wrote:</div><br = class=3D"Apple-interchange-newline"><div><div><br><br><blockquote = type=3D"cite">This has nothing to do with FreeBSD and everything to do = with the openssl library.<br>This error isn't present when I attempt to = reproduce it here.<br>My version of openssl is: OpenSSL = 1.1.1t-freebsd 7 Feb 2023<br>What version are you attempting this = with?<br><br></blockquote>That is what I suspected. I fails on both = boxes running the same version of FreeBSD and OpenSSL.<br>$ openssl = version<br>OpenSSL 1.1.1t-freebsd 7 Feb 2023<br><br>$ curl -O = https://www.unixsheikh.com/includes/files/the-biggest-myths.pdf<br> = % Total % Received % Xferd Average = Speed Time Time = Time = Current<br> &nb= sp;  = ; Dload = Upload Total Spent Left = Speed<br> 4 763k 4 32639 = 0 0 = 265k 0 0:00:02 --:--:-- = 0:00:02 267k<br>curl: (56) OpenSSL SSL_read: OpenSSL/1.1.1t: = error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad = record mac, errno 0<br><br>$ uname -a<br>FreeBSD 13.2-RELEASE-p4 FreeBSD = 13.2-RELEASE-p4 GENERIC amd64<br><br>On the OpenBSD box:<br><br>$ = openssl version<br>LibreSSL 3.8.2<br><br>$ curl -O = https://www.unixsheikh.com/includes/files/the-biggest-myths.pdf <br>&= nbsp; % Total % Received % Xferd Average = Speed Time Time = Time = Current<br> &nb= sp;  = ; Dload = Upload Total Spent Left = Speed<br>100 763k 100 763k = 0 0 1730k 0 = --:--:-- --:--:-- --:--:-- 1740k<br><br>I am not sure how to progress = from here.</div></div></blockquote><br></div><div>You might = try:</div><div><br></div><div>openssl s_client -connect <a = href=3D"http://www.unixsheikh.com:443">www.unixsheikh.com:443</a></div><di= v><br></div><div>and see what it reports. Warning, s_client = generates a lot of diagnostic data during = connection.</div><div><br></div><div>-- = Doug</div><div><br></div><br></body></html>= --Apple-Mail=_60AD5DBA-7FED-4A6C-B22C-FE01A9487B41--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BCF423EB-4285-420D-9E96-E69E4507A1C1>