On Wed, Nov 10, 1999, Steve Freitas wrote:
> I'm on RH 6.1, Apache 1.3.9, modssl 2.4.8-1.3.9, and openssl 0.9.4. When
> I attempted to establish a secure connection, my Netscape browser
> complained about an incorrect "Message Authentication Code." The end of
> ssl_engine_log looks like this:
>
> [10/Nov/1999 20:47:25 25706] [info] Connection to child 3 established
> (server blah.com:443, client 12.34.56.78)
> [10/Nov/1999 20:47:25 25706] [error] SSL handshake failed (server
> blah.com:443, client 12.34.56.78) (OpenSSL library error follows)
> [10/Nov/1999 20:47:25 25706] [error] OpenSSL: error:0407106B:rsa
> routines:RSA_padding_check_PKCS1_type_2:block type is not 02
> [10/Nov/1999 20:47:25 25706] [error] OpenSSL: error:04065072:rsa
> routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed
> [10/Nov/1999 20:47:25 25706] [error] OpenSSL: error:1408F071:SSL
> routines:SSL3_GET_RECORD:bad mac decode
>
> Can anybody help me?
I guess the following FAQ entry applies to you, too:
| <faq ref="io-ns" toc="Why do I get I/O errors with my NS clients?">
| When I connect via HTTPS to an Apache+mod_ssl server with Netscape Navigator I
| get I/O errors and the message "Netscape has encountered bad data from the
| server" What's the reason?
| </faq>
|
| The problem usually is that you had created a new server certificate with
| the same DN, but you had told your browser to accept forever the old
| server certificate. Once you clear the entry in your browser for the old
| certificate, everything usually will work fine. Netscape's SSL
| implementation is correct, so when you encounter I/O errors with Netscape
| Navigator it is most of the time caused by the configured certificates.
|
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]