[Pkg-openssl-devel] Bug#912737: openssl: SSL_read: error:1408F119:SSL routines:ssl3_get_record:decryption failed
Julien Lecomte
julien at lecomte.at
Sun Nov 4 14:10:42 GMT 2018
Hello
Thanks to your remark I tried connecting my computer directly to the
set-top box.
Connected directly, the file downloads fine (verified via md5sum).
Connected indirectly, the download shows the issues I encountered.
The "indirect" route is desktop <-> ubiquiti unifi switch <-> ubiquiti
unifi security gateway <-> set-top box.
I'll move the issue directly to ubiquiti to figure out what is going wrong.
Thanks
Julien
On 11/03/2018 11:45 AM, Kurt Roeckx wrote:
> On Sat, Nov 03, 2018 at 11:12:37AM +0100, Julien Lecomte wrote:
>> Package: openssl
>> Version: 1.1.1-2
>> Severity: serious
>> Justification: makes unrelated software on the system (or the whole system) break
>>
>> Dear Maintainer,
>>
>> On a fresh install of Debian/Buster via the alpha3 dvd ISO, when I try to access some SSL URLs, openssl fails to download said resource.
>>
>> ~~~bash
>> julien at desktop:/tmp$ curl https://download.lenovo.com/pccbbs/mobiles/n1wuj23w.exe --output file
>> % Total % Received % Xferd Average Speed Time Time Time Current
>> Dload Upload Total Spent Left Speed
>> 0 8169k 0 27800 0 0 268k 0 0:00:30 --:--:-- 0:00:30 268k
>> curl: (56) OpenSSL SSL_read: error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac, errno 0
>> ~~~
>>
>> URL above issues error "/tmp/mozilla_julien0/5wQP3KKa.bin.part could not be saved, because the source file could not be read." under firefox-esr.
>
> It works for me.
>
> Are you saying it gives an error both with firefox and curl? Then
> it would be 2 different TLS implementaitons saying something is
> wrong.
>
> Does it work when you add --tls-max 1.2?
>
> I suspect there is some middlebox that breaks things for you.
>
>
> Kurt
>
More information about the Pkg-openssl-devel
mailing list