Uploaded image for project: 'Erlang/OTP'
  1. Erlang/OTP
  2. ERL-538

Odd bug in ssl/crypto, "Fatal - Bad Record MAC" when connecting to some servers.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 20.2
    • Fix Version/s: 21.0
    • Component/s: crypto, ssl
    • Labels:
      None

      Description

      Getting an odd error message when trying to connect to certain ssl servers. Example:

      Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:10] [hipe] [kernel-poll:false]
      
      Eshell V9.2  (abort with ^G)
      1> ssl:start().                                                                                                       
      ok
      2> ssl:connect("gateway.discord.gg", 443, [binary, {active, false}, {packet, 0}, {verify, verify_none}]).
      
      =INFO REPORT==== 24-Dec-2017::04:23:37 ===
      TLS client: In state cipher received SERVER ALERT: Fatal - Bad Record MAC
      
      {error,{tls_alert,"bad record mac"}}
      3> 
      

      Example of a server that connects

      1> ssl:start().                                                                                          
      ok
      2> ssl:connect("bugs.erlang.org", 443, [binary, {active, false}, {packet, 0}, {verify, verify_none}]).                
      {ok,{sslsocket,{gen_tcp,#Port<0.803>,tls_connection,
                              undefined},
                     <0.86.0>}}
      3>
      

      Someone else who seems to have the same issue: https://stackoverflow.com/q/45245365/568801

      This is on a current Arch Linux system:
      erlang 20.2
      openssl 1.1.0.g

      I tried this on a Ubuntu 17.10 vm, seems to work. Maybe related to older versions of erlang or openssl?

      Thank you.

        Attachments

          Activity

            People

            Assignee:
            ingela Ingela Anderton Andin
            Reporter:
            stoodfarback stoodfarback
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: