Issue from forum: SSL: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
moseleymark at gmail.com
Wed Apr 30 00:20:43 UTC 2014
On Tue, Apr 29, 2014 at 4:36 PM, Lukas Tribus <luky-37 at hotmail.com> wrote:
> Hi Mark,
> > I'm running into a lot of the same error as was reported in the forum
> > at:
> >> SSL: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or
> > bad record mac
> > I've got an nginx server doing front-end SSL, with the upstream also
> > over SSL and also nginx (fronting Apache). They're all running 1.5.13
> > (all Precise 64-bit), so I can goof with various options like
> > ssl_buffer_size. These are running SSL-enabled web sites for my
> > customers.
> > I'm curious if there is any workaround for this besides patching
> > openssl, as mentioned a couple of weeks ago
> > in http://trac.nginx.org/nginx/ticket/215
> A patch was committed to openssl  and backported to the openssl-1.0.1
> stable branch , meaning that the next openssl release (1.0.1h) will
> contain the fix.
> You can:
> - cherry-pick the fix and apply it on 1.0.1g
> - use the 1.0.1 stable git branch
> - asking your openssl package maintainer to backport the fix (its security
> relevant, see CVE-2010-5298 )
> The fix is already in OpenBSD , Debian and Ubuntu will probably ship the
> patch soon, also see  and .
> Oh, cool, that's good news that it's upstream then. Getting the patch to
apply is a piece of cake. I was more worried about what would happen for
the next libssl update. Hopefully Ubuntu will pick that update up. Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx