Re: Openssl errors on FreeBSD

From: Doug Hardie <bc979_at_lafn.org>
Date: Mon, 06 Nov 2023 20:07:02 UTC
> On Nov 6, 2023, at 07:06, iio7@tutanota.com wrote:
> 
> 
> 
>> This has nothing to do with FreeBSD and everything to do with the openssl library.
>> This error isn't present when I attempt to reproduce it here.
>> My version of openssl is:  OpenSSL 1.1.1t-freebsd  7 Feb 2023
>> What version are you attempting this with?
>> 
> That is what I suspected. I fails on both boxes running the same version of FreeBSD and OpenSSL.
> $ openssl version
> OpenSSL 1.1.1t-freebsd  7 Feb 2023
> 
> $ curl -O https://www.unixsheikh.com/includes/files/the-biggest-myths.pdf
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>                                  Dload  Upload   Total   Spent    Left  Speed
>   4  763k    4 32639    0     0   265k      0  0:00:02 --:--:--  0:00:02  267k
> curl: (56) OpenSSL SSL_read: OpenSSL/1.1.1t: error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac, errno 0
> 
> $ uname -a
> FreeBSD 13.2-RELEASE-p4 FreeBSD 13.2-RELEASE-p4 GENERIC amd64
> 
> On the OpenBSD box:
> 
> $ openssl version
> LibreSSL 3.8.2
> 
> $ curl -O https://www.unixsheikh.com/includes/files/the-biggest-myths.pdf 
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>                                  Dload  Upload   Total   Spent    Left  Speed
> 100  763k  100  763k    0     0  1730k      0 --:--:-- --:--:-- --:--:-- 1740k
> 
> I am not sure how to progress from here.

You might try:

openssl s_client -connect www.unixsheikh.com:443 <http://www.unixsheikh.com:443/>

and see what it reports.  Warning, s_client generates a lot of diagnostic data during connection.

-- Doug