From nobody Mon Nov 06 01:34:57 2023
X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SNv6l3lnTz50VQt
	for <freebsd-questions@mlmmj.nyi.freebsd.org>; Mon,  6 Nov 2023 01:35:11 +0000 (UTC)
	(envelope-from pprocacci@gmail.com)
Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4SNv6l1y1gz3dWL
	for <freebsd-questions@freebsd.org>; Mon,  6 Nov 2023 01:35:11 +0000 (UTC)
	(envelope-from pprocacci@gmail.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-ej1-x62d.google.com with SMTP id a640c23a62f3a-9de7a43bd1aso187882166b.3
        for <freebsd-questions@freebsd.org>; Sun, 05 Nov 2023 17:35:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1699234508; x=1699839308; darn=freebsd.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=LJS1QleEbKLL6lqMd3jVMeLx97mZS1VyARUibf6AtMI=;
        b=PXr5YLZzpw42sP0YRJCYK91Fzbo0eaT4dryT7p5v2xsAj3CjVbOyN4m0/WuEofzmFj
         LWJQiAM50pEhIf7YIoPSAbtR3HNLXuQYJjpLPzr2njbES4S5KfRXwN9ec9QYcIkKU3dO
         0vKUORsAGu9nT6Mi+x6VszAHKuIGmbMDHATpwhks9GbDjUZdOytMx3eML7VL3L3yQL96
         ryLzVaEisqaph2OFwV/oQkUFj6zKvGHMf6mxILAkx+tq8QQTj6/FwU4kDIQvFxDH+KG/
         yPGZZow7mh6xzptN87QfJZJZxsGoL//QlroyoIQKXBfDn9mIpV9wkhAz/ieutmo68abh
         wE6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1699234508; x=1699839308;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=LJS1QleEbKLL6lqMd3jVMeLx97mZS1VyARUibf6AtMI=;
        b=xRGPWt6nrwP9h6q/L2Z9IMzzvLZMXOTCtZMwLH8A2rMztFGRxJ0Z66IZZTTiB36E4M
         ORWH1naNXktAP8V4YzKF9lh1y7dCMGp5sONS5IJdHC+veWmWL7jroO+t+nrZcuUwpm4z
         sLwq5L9Ye7naa92JjnVX9WfWJCrXovxuAqD0wTkhPVI4hR9BXeTyeqPMohXtVj0lB3hZ
         9Y5Awml66CIbMI2YLWEx+SvlZgJnZG4cAr48SZveHNViB4f7b6fIVnRhWj2ztvDjGJ6H
         vYx6jHorUaFEJoMq7POR3jfB7MLzn8ebhEPXtHgcNYQsi6y6x5ReJlikd9PpKVJPmWRf
         DJhA==
X-Gm-Message-State: AOJu0YzfBtNqzLYqBZED9abWe4YhDQwyNyN1ZJj4HBIy6VH72kYLy0zl
	LA3D1J6FBzah6glC1ZGG2tglTDrgyYjKQNz9GhojLiFfOA==
X-Google-Smtp-Source: AGHT+IEJ4NUefUfdbPqWlqDRtftamENRnJWs1goGcOrjMRP/C/7KyVm7fVAiflQVjII9X6GrI3HM+dnXP0aSKQAsZXU=
X-Received: by 2002:a17:906:c103:b0:9be:71ab:fb5e with SMTP id
 do3-20020a170906c10300b009be71abfb5emr11827244ejc.22.1699234508351; Sun, 05
 Nov 2023 17:35:08 -0800 (PST)
List-Id: User questions <freebsd-questions.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions
List-Help: <mailto:questions+help@freebsd.org>
List-Post: <mailto:questions@freebsd.org>
List-Subscribe: <mailto:questions+subscribe@freebsd.org>
List-Unsubscribe: <mailto:questions+unsubscribe@freebsd.org>
Sender: owner-freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
MIME-Version: 1.0
References: <NiX8klV--3-9@tutanota.com>
In-Reply-To: <NiX8klV--3-9@tutanota.com>
From: Paul Procacci <pprocacci@gmail.com>
Date: Sun, 5 Nov 2023 20:34:57 -0500
Message-ID: <CAFbbPuiPGYoDX33Gu1qkGH=GYw9NgcFyNq4PXJDKYpE-SLjVpw@mail.gmail.com>
Subject: Re: Openssl errors on FreeBSD
To: iio7@tutanota.com
Cc: Freebsd Questions <freebsd-questions@freebsd.org>
Content-Type: multipart/alternative; boundary="00000000000042ad9c060971dd53"
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]
X-Rspamd-Queue-Id: 4SNv6l1y1gz3dWL

--00000000000042ad9c060971dd53
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Sun, Nov 5, 2023 at 8:03=E2=80=AFPM <iio7@tutanota.com> wrote:

> Hi,
>
> I have four machines in my office, 2 FreeBSD boxes, 1 OpenBSD box and 1
> Linux box. On my FreeBSD boxes I get openssl read errors on some differen=
t
> domains, such as:
>
> $ curl -O https://www.unixsheikh.com/includes/files/the-biggest-myths.pdf
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time
> Current
>                                  Dload  Upload   Total   Spent    Left
> Speed
> 12  763k   12 98139    0     0   377k      0  0:00:02 --:--:--  0:00:02
> 378k
> curl: (56) OpenSSL SSL_read: OpenSSL/1.1.1t: error:1408F119:SSL
> routines:ssl3_get_record:decryption failed or bad record mac, errno 0
>
> I get the same with wget.
>
> I also have problems getting email and using SFTP:
>
> Email:
>
> ** IMAP error on mail.example.com: stream error
> ** IMAP connection broken
>
> SFTP:
>
> Status: Connecting to www.example. <http://www545.your-server.de>com...
> Status: Using username "foo".
> Command:        Pass: ****************
> Error:  FATAL ERROR: Incorrect MAC received on packet
> Error:  Could not connect to server
> Status: Waiting to retry...
>
> This is only a problem on the two FreeBSD boxes, not on the OpenBSD or th=
e
> Linux box. All connected to the same network. The two FreeBSD boxes
> runs 13.2-RELEASE-p4.
>
> Is this a problem with openssl on FreeBSD or what am I looking at here?
> Kind regards
>
>
>
This has nothing to do with FreeBSD and everything to do with the openssl
library.
This error isn't present when I attempt to reproduce it here.
My version of openssl is:  OpenSSL 1.1.1t-freebsd  7 Feb 2023
What version are you attempting this with?

~Paul

--=20
__________________

:(){ :|:& };:

--00000000000042ad9c060971dd53
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div><div dir=3D"ltr"><br></div><br><div class=3D"gmail_qu=
ote"><div dir=3D"ltr" class=3D"gmail_attr">On Sun, Nov 5, 2023 at 8:03=E2=
=80=AFPM &lt;<a href=3D"mailto:iio7@tutanota.com">iio7@tutanota.com</a>&gt;=
 wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px =
0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>
<br>
I have four machines in my office, 2 FreeBSD boxes, 1 OpenBSD box and 1 Lin=
ux box. On my FreeBSD boxes I get openssl read errors on some different dom=
ains, such as:<br>
<br>
$ curl -O <a href=3D"https://www.unixsheikh.com/includes/files/the-biggest-=
myths.pdf" rel=3D"noreferrer" target=3D"_blank">https://www.unixsheikh.com/=
includes/files/the-biggest-myths.pdf</a><br>
=C2=A0 % Total=C2=A0=C2=A0=C2=A0 % Received % Xferd=C2=A0 Average Speed=C2=
=A0=C2=A0 Time=C2=A0=C2=A0=C2=A0 Time=C2=A0=C2=A0=C2=A0=C2=A0 Time=C2=A0 Cu=
rrent<br>
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Dload=C2=A0 Upload=C2=A0=C2=A0 T=
otal=C2=A0=C2=A0 Spent=C2=A0=C2=A0=C2=A0 Left=C2=A0 Speed<br>
12=C2=A0 763k=C2=A0=C2=A0 12 98139=C2=A0=C2=A0=C2=A0 0=C2=A0=C2=A0=C2=A0=C2=
=A0 0=C2=A0=C2=A0 377k=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 0=C2=A0 0:00:02 --:--:=
--=C2=A0 0:00:02=C2=A0 378k<br>
curl: (56) OpenSSL SSL_read: OpenSSL/1.1.1t: error:1408F119:SSL routines:ss=
l3_get_record:decryption failed or bad record mac, errno 0<br>
<br>
I get the same with wget.<br>
<br>
I also have problems getting email and using SFTP:<br>
<br>
Email:<br>
<br>
** IMAP error on <a href=3D"http://mail.example.com" rel=3D"noreferrer" tar=
get=3D"_blank">mail.example.com</a>: stream error<br>
** IMAP connection broken<br>
<br>
SFTP:<br>
<br>
Status: Connecting to www.example. &lt;<a href=3D"http://www545.your-server=
.de" rel=3D"noreferrer" target=3D"_blank">http://www545.your-server.de</a>&=
gt;com...<br>
Status: Using username &quot;foo&quot;.<br>
Command:=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Pass: ****************<b=
r>
Error:=C2=A0 FATAL ERROR: Incorrect MAC received on packet<br>
Error:=C2=A0 Could not connect to server<br>
Status: Waiting to retry...<br>
<br>
This is only a problem on the two FreeBSD boxes, not on the OpenBSD or the =
Linux box. All connected to the same network. The two FreeBSD boxes runs=C2=
=A013.2-RELEASE-p4.<br>
<br>
Is this a problem with openssl on FreeBSD or what am I looking at here?<br>
Kind regards<br>
<br>
<br>
</blockquote></div><br clear=3D"all"></div><div>This has nothing to do with=
 FreeBSD and everything to do with the openssl library.</div><div>This erro=
r isn&#39;t present when I attempt to reproduce it here.</div><div>My versi=
on of openssl is:=C2=A0 OpenSSL 1.1.1t-freebsd =C2=A07 Feb 2023</div><div>W=
hat version are you attempting this with?<br></div><div><br></div><div>~Pau=
l<br></div><br><div><span class=3D"gmail_signature_prefix">-- </span><br><d=
iv dir=3D"ltr" class=3D"gmail_signature">__________________<br><br>:(){ :|:=
&amp; };:</div></div></div>

--00000000000042ad9c060971dd53--