Hello,

I am new to the list and definitely lack knowledge regarding the inner
workings of the openssl stack. I will attempt to post all relevant
information in hopes of getting feedback on this issue.

Basically, I have an IBM DataPower appliance that cannot complete a
successful handshake with an F5 LTM (load balancer).  After the client and
server hellos, I get a "Fatal Alert: Bad Record MAC". Can someone explain
this error more clearly and what are the possible causes, along with some
tips on how to debug/troubleshoot this issue? I also have traces available
if anyone wants them. Please refer to frame 7 below for the error.

Frame 5 (192 bytes on wire, 192 bytes captured)
Ethernet II, Src: Cisco_08:34:00 (00:1b:2b:08:34:00), Dst: Ibm_f1:c2:24
(00:14:5e:f1:c2:24)
Internet Protocol, Src: 10.97.127.7 (10.97.127.7), Dst: 10.97.85.73
(10.97.85.73)
Transmission Control Protocol, Src Port: https (443), Dst Port: 27608
(27608), Seq: 1, Ack: 106, Len: 126
Secure Socket Layer
    TLSv1 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 74
        Handshake Protocol: Server Hello
    TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: TLS 1.0 (0x0301)
        Length: 1
        Change Cipher Spec Message
    TLSv1 Record Layer: Handshake Protocol: Encrypted Handshake Message
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 36
        Handshake Protocol: Encrypted Handshake Message
No.     Time        Delta       Source                tcp win size Len
Total Bytes Destination           Protocol Info
      6 0.000699    0.000008    10.97.85.73           5888         66
647         10.97.127.7           TCP      27608 > https [ACK] Seq=106
Ack=127 Win=5888 Len=0 TSV=154345430 TSER=1789553040
Frame 6 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Ibm_f1:c2:24 (00:14:5e:f1:c2:24), Dst: All-HSRP-routers_0a
(00:00:0c:07:ac:0a)
Internet Protocol, Src: 10.97.85.73 (10.97.85.73), Dst: 10.97.127.7
(10.97.127.7)
Transmission Control Protocol, Src Port: 27608 (27608), Dst Port: https
(443), Seq: 106, Ack: 127, Len: 0
No.     Time        Delta       Source                tcp win size Len
Total Bytes Destination           Protocol Info
      7 0.000771    0.000072    10.97.85.73           5888         73
720         10.97.127.7           TLSv1    Alert (Level: Fatal, Description:
Bad Record MAC)
Frame 7 (73 bytes on wire, 73 bytes captured)
Ethernet II, Src: Ibm_f1:c2:24 (00:14:5e:f1:c2:24), Dst: All-HSRP-routers_0a
(00:00:0c:07:ac:0a)
Internet Protocol, Src: 10.97.85.73 (10.97.85.73), Dst: 10.97.127.7
(10.97.127.7)
Transmission Control Protocol, Src Port: 27608 (27608), Dst Port: https
(443), Seq: 106, Ack: 127, Len: 7
Secure Socket Layer
    TLSv1 Record Layer: Alert (Level: Fatal, Description: Bad Record MAC)
        Content Type: Alert (21)
        Version: TLS 1.0 (0x0301)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Bad Record MAC (20)
After this the communication closes cleanly - Fin-Ack-Fin-Ack.

Thank you,
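
An added example, not part of the original post: a minimal TLS record-layer walker in Python, run over constructed byte strings that reproduce only the content types, version and record lengths shown in frames 5 and 7. The record bodies are zero filler rather than captured data, and all function and variable names are hypothetical.

```python
import struct

# Names below are illustrative; the tables list only a few common values.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate", 14: "server_hello_done"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure"}

def make_record(ctype, body, version=0x0301):
    """Build one TLS record: type (1 byte), version (2), length (2), body."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

def parse_records(payload):
    """Describe each TLS record in one direction's reassembled TCP payload."""
    records, offset, encrypted = [], 0, False
    while offset < len(payload):
        if len(payload) - offset < 5:
            raise ValueError("truncated record header at offset %d" % offset)
        ctype, version, length = struct.unpack_from("!BHH", payload, offset)
        body = payload[offset + 5:offset + 5 + length]
        if len(body) != length:
            raise ValueError("record at offset %d claims %d bytes, %d present" % (offset, length, len(body)))
        if encrypted:
            detail = "encrypted"  # everything after this side's ChangeCipherSpec
        elif ctype == 22 and body:
            detail = HANDSHAKE_TYPES.get(body[0], "type %d" % body[0])
        elif ctype == 21 and length == 2:
            detail = "%s/%s" % (ALERT_LEVELS.get(body[0], body[0]), ALERT_DESCRIPTIONS.get(body[1], body[1]))
        else:
            detail = ""
        if ctype == 20:
            encrypted = True
        records.append((CONTENT_TYPES.get(ctype, "unknown"), hex(version), length, detail))
        offset += 5 + length
    return records

# Constructed payloads: only types, version and lengths come from the trace.
# Server flight (frame 5): ServerHello (74), ChangeCipherSpec (1), encrypted handshake (36).
FRAME5 = (make_record(22, b"\x02\x00\x00\x46" + bytes(70))
          + make_record(20, b"\x01") + make_record(22, bytes(36)))
# Client alert (frame 7): level 2, description 20, sent in the clear.
FRAME7 = make_record(21, b"\x02\x14")

if __name__ == "__main__":
    for name, payload in (("frame 5", FRAME5), ("frame 7", FRAME7)):
        print(name, len(payload), "bytes")
        for rec in parse_records(payload):
            print("   ", rec)
```

The three record lengths plus their 5-byte headers add up to the 126-byte TCP payload of frame 5, and the alert record to the 7 bytes of frame 7. A ServerHello followed directly by ChangeCipherSpec in the same flight is the abbreviated (resumed-session) handshake of TLS 1.0.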
