Thread: SSL error: decryption failed or bad record mac

SSL error: decryption failed or bad record mac

From
"Claudio Rossi"
Date:
Hello, I just installed postgresql 8.1.5 and the only things I ported from 8.0.3 (last version I used) are server, user
andCA X509 certificates (fresh install for everything else). I'm using OpenSSL 0.9.8d, Fedora Core 4, I have enabled
SSLas described in manual (at every step where it's needed) and I had no problems with previous 8.0.3. This is the
problem:when I set up a SSL connection I get this log output: 

DEBUG: SSL connection from "common_name"
DEBUG: SSL: write alert (0x0214)
LOG: SSL error: decryption failed or bad record mac

and backend returns a signal 15, terminating connection. Any idea? Does anybody know what kind of error is "decryption
failedor bad record mac" (I mean, client certificate error? server certificate error?)? Thanks. 

Regards,
Claudio Rossi


------------------------------------------------------
Mutui a tassi scontati da 40 banche. Richiedi online e risparmia...Servizio gratuito. www.mutuionline.it
http://click.libero.it/mutuionline27nov



Re: SSL error: decryption failed or bad record mac

From
Jim Nasby
Date:
On Nov 27, 2006, at 12:06 PM, Claudio Rossi wrote:
> Hello, I just installed postgresql 8.1.5 and the only things I
> ported from 8.0.3 (last version I used) are server, user and CA
> X509 certificates (fresh install for everything else). I'm using
> OpenSSL 0.9.8d, Fedora Core 4, I have enabled SSL as described in
> manual (at every step where it's needed) and I had no problems with
> previous 8.0.3. This is the problem: when I set up a SSL connection
> I get this log output:
>
> DEBUG: SSL connection from "common_name"
> DEBUG: SSL: write alert (0x0214)
> LOG: SSL error: decryption failed or bad record mac
>
> and backend returns a signal 15, terminating connection. Any idea?
> Does anybody know what kind of error is "decryption failed or bad
> record mac" (I mean, client certificate error? server certificate
> error?)? Thanks.

You might gain some insight by looking at the code, but I'll bet that
that decryption failed error is from SSL itself. You might have
better luck asking the OpenSSL folks. Or it might be easier to just
re-generate all your certs.

Might be worth reading through the release notes to see if anything
SSL related has changed between 8.0.3 and 8.1.5.
--
Jim Nasby                                            jim@nasby.net
EnterpriseDB      http://enterprisedb.com      512.569.9461 (cell)