LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 06-28-2011, 08:46 AM   #1
mahao
LQ Newbie
 
Registered: Dec 2010
Posts: 8

Rep: Reputation: 0
Error code: ssl_error_bad_mac_read


Hi all,

we met an emergency problem.

We could not access our web site page on firefox or chrome or ie:

Firefox give us these error:

Secure Connection Failed

An error occurred during a connection to jira.inside.nokiasiemensnetworks.com.

SSL received a record with an incorrect Message Authentication Code.

(Error code: ssl_error_bad_mac_read)

The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.



We also try on linux with wget to access it:

here is the result:

[root@esjirp63 eedbuser]# wget -v https://jira.inside.nokiasiemensnetw...Dashboard.jspa -O /dev/null
--2011-06-28 14:21:33-- https://jira.inside.nokiasiemensnetw...Dashboard.jspa
Resolving jira.inside.nokiasiemensnetworks.com... 87.254.222.230 Connecting to jira.inside.nokiasiemensnetworks.com|87.254.222.230|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `/dev/null'

[ <=> ] 25,247 --.-K/s in 0.001s

2011-06-28 14:21:33 (29.5 MB/s) - Read error at byte 25247 (error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac).Retrying.

--2011-06-28 14:21:34-- (try: 2) https://jira.inside.nokiasiemensnetw...Dashboard.jspa
Connecting to jira.inside.nokiasiemensnetworks.com|87.254.222.230|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `/dev/null'

100%[==================================================================================================== =====================================>] 40,031 --.-K/s in 0.001s

2011-06-28 14:21:34 (47.7 MB/s) - `/dev/null' saved [40031]

[root@esjirp63 eedbuser]#

Do you have any advice for how to solve this?

This is emergency, please give us feedback ASAP.

Best Regards
 
Old 06-28-2011, 07:01 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,666
Blog Entries: 54

Rep: Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952
You could try using Firefox with a clean profile without any plugins. Else try running in safe mode. Else try another browser. Else this might be a server side error, and since this is restricted access anyway, I think you best contact Nokia Siemens Networks (NSN) Internet Support in which case you should review connection instructions you've gotten and maybe add 'openssl s_client -connect $(host jira.inside.nokiasiemensnetworks.com):443 -bugs' output to your ticket.
 
1 members found this post helpful.
Old 06-28-2011, 09:50 PM   #3
mahao
LQ Newbie
 
Registered: Dec 2010
Posts: 8

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by unSpawn View Post
You could try using Firefox with a clean profile without any plugins. Else try running in safe mode. Else try another browser. Else this might be a server side error, and since this is restricted access anyway, I think you best contact Nokia Siemens Networks (NSN) Internet Support in which case you should review connection instructions you've gotten and maybe add 'openssl s_client -connect $(host jira.inside.nokiasiemensnetworks.com):443 -bugs' output to your ticket.
Here is it:

[root@esjirt62 ~]# openssl s_client -connect jira.inside.nokiasiemensnetworks.com:443 -bugs
CONNECTED(00000003)
depth=3 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
verify return:1
depth=2 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
verify return:1
depth=0 /C=FI/ST=Espoo/L=Espoo/O=Nokia Siemens Networks/OU=NSN IT/CN=jira.inside.nokiasiemensnetworks.com
verify return:1
---
Certificate chain
0 s:/C=FI/ST=Espoo/L=Espoo/O=Nokia Siemens Networks/OU=NSN IT/CN=jira.inside.nokiasiemensnetworks.com
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
SOME HIDDEN CONTENT BY THE AUTHOR
-----END CERTIFICATE-----
subject=/C=FI/ST=Espoo/L=Espoo/O=Nokia Siemens Networks/OU=NSN IT/CN=jira.inside.nokiasiemensnetworks.com
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 4229 bytes and written 284 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID:
Session-ID-ctx:
Master-Key: SOME HIDDEN CONTENT BY THE AUTHOR
Key-Arg : None
Krb5 Principal: None
Start Time: 1309312078
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
 
Old 06-30-2011, 03:16 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,666
Blog Entries: 54

Rep: Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952
I've given you three options which you didn't post back about. Maybe read my post again? You did post output we (or at least I) don't want to see. I told you to send such output to NSN Internet Support.
 
  


Reply

Tags
ssl


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SOLVED: Upgrade error: Sub-process /usr/bin/dpkg returned an error code (1) jlb0057 Debian 3 03-11-2011 09:37 AM
Linux Citrix Receiver gives me error: provider code 20 SSL error 86 ebeyer Linux - Networking 1 09-16-2009 12:32 PM
Error in Perl Code : Bad switch statement(Problem in code block)? near ## line # suyog255 Programming 4 02-20-2008 06:35 PM
LPRng error 'NONZERO RFC1179 ERROR CODE FROM SERVER' ivanscheers Linux - Networking 0 10-11-2004 03:50 AM


All times are GMT -5. The time now is 05:08 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration