On 31-07-2013 11:16, Rajeev Tomar wrote:
Hi
We are using openssl 0.9.8 in our application.
Things are working fine and suddenly we are having .
Linux awtah.dispatchserver1 3.6.11-1.fc16.i686 #1 SMP Mon Dec 17
21:36:23 UTC 2012 i686 i686 i386 GNU/Linux
error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad
record mac:s3_pkt.c:426:
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number:s3_pkt.c:288:
error:1408F096:SSL routines:SSL3_GET_RECORD:encrypted length too
long:s3_pkt.c:346:
this error was random.
Even though application uses it’s own opnesssl 0.9.8 and M/C have
1.0.0j-fips.
Two things to check:
- Use the command cut -c 50- /proc/pid/maps | uniq (Change 50 to 74
on 64-bit kernels) to make sure your application is not loading a dynamic
libcrypt or libssl anyway.
- If your application uses the shared certificate trust store in
/etc/ssl/certs, note that OpenSSL 1 and OpenSSL 0.9 use incompatible
formats for the symlinks in that directory, so either you need to use
a different directory for your OpenSSL 0.9 applications or you need
some special tricks to set up a combined directory.
-bash-4.2# openssl version -a
OpenSSL 1.0.0j-fips 10 May 2012
built on: Tue May 15 18:44:01 UTC 2012
platform: linux-elf
options: bn(64,32) md2(int) rc4(8x,mmx) des(ptr,risc1,16,long)
blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -DL_ENDIAN -DTERMIO
-Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686
-mtune=atom -fasynchronous-unwind-tables -Wa,--noexecstack
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
-DWHIRLPOOL_ASM
OPENSSLDIR: /etc/pki/tls
engines: aesni dynamic
On reinstalling 1.0.0j-fips on this Machine error got fixed.
Now for the same application on Fedora 14, after reboot we have
encountered the above problem.
Linux 3UPCAWT605 2.6.35.6-45.fc14.i686 #1 SMP Mon Oct 18 23:56:17 UTC
2010 i686 i686 i386 GNU/Linux
Any pointer what is the root cause of this problem or how to fix this.
Open SSL installed on second M/C
built on: Wed Sep 7 18:59:14 UTC 2011
platform: linux-elf
options: bn(64,32) md2(int) rc4(8x,mmx) des(ptr,risc1,16,long)
blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -DL_ENDIAN -DTERMIO
-Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686
-mtune=atom -fasynchronous-unwind-tables -Wa,--noexecstack
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
-DWHIRLPOOL_ASM
OPENSSLDIR: /etc/pki/tls
engines: aesni dynamic
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org