10

We have a web application where sometimes the requests are broken on an irregular basis, and only when using the Firefox browser. The error that comes up is:

SSL_ERROR_BAD_MAC_READ 
-12273 
"SSL received a record with an incorrect Message Authentication Code."  

One customer claims that they have this error about every 3 minutes but the others don't have this problem, but the other customers have this problem only a few times.

Any idea how to find out the source of that problem?

I browsed a little through the Firefox code and found that

if (NSS_SecureMemcmp(mac, pBuf, macLen) != 0) {
    /* MAC's didn't match... */
    SSL_DBG(("%d: SSL[%d]: mac check failed, seq=%d",
         SSL_GETPID(), ss->fd, ss->sec.rcvSequence));
    PRINT_BUF(1, (ss, "computed mac:", mac, macLen));
    PRINT_BUF(1, (ss, "received mac:", pBuf, macLen));
    PORT_SetError(SSL_ERROR_BAD_MAC_READ);
    rv = SECFailure;
    goto cleanup;
}

Obviously it is possible to see what the received MAC and the computed MAC were... Does anyone know where those logs are in FF, or maybe I should enable some logging in FF?

Where can I find the logs for this in Firefox?

Lynn Crumbling
simonC

3 Answers

5

We upgraded OpenSSL to the latest version available for our platform, and it worked. The problem is gone, so it was probably a bug in the OpenSSL implementation.

petrsnd
simonC
3

This could be an issue with the SSL implementation you are using. The MAC is like a hash of the SSL packet transferred. If the SSL packet is not flushed properly by the implementation (eating some bytes or not flushing completely) you will see these kinds of issues.

Ramesh PVK
  • I forgot to mention that we are using Apache with mod_jk and open_ssl in front of jboss5.1... could this be an issue with the mod_jk SSL configuration? – simonC May 27 '11 at 08:11
  • Are you accessing it from a browser? Is it the latest? It could be browser issues also. – Ramesh PVK May 27 '11 at 08:24
  • Yes, accessing from the browser, Firefox 4.0.1... On the Firefox web page I cannot find a report for this problem. But it happened also on older versions of Firefox – simonC May 27 '11 at 08:33
  • 1
    Then it could be an issue with Firefox. I think you got the problem right; the issue can be there with client/server. The MAC is like an MD5 hash which is calculated and sent along with the data by the server, and the client verifies if the data is intact by calculating the MAC of the received data and comparing it with the MAC sent by the sender. – Ramesh PVK May 27 '11 at 08:37
  • The problem can be at either of the ends; it could be with using buffers. Try updating to a new Firefox version. – Ramesh PVK May 27 '11 at 08:38
  • @Ramesh PVK thanks for the info.... 4.0.1 is the latest Firefox ... but I went through their source code and found that the difference of the MAC is logged (see my first question, I updated it); now I have to find out where the logs for that are stored – simonC May 27 '11 at 09:33
  • Still searching for a solution... we are using "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008" on the server... I'll try to update to a newer version – simonC May 30 '11 at 08:06
  • Not just the OpenSSL on the server. It can be a problem with the client (i.e., browser) as well. – Ramesh PVK May 31 '11 at 05:07
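
The receive-side MAC check quoted in the question and described in this answer, as an added Python example that is not part of the original posts or of NSS. It assumes TLS 1.0 record framing (RFC 2246, section 6.2.3.1) with HMAC-SHA1 and leaves out encryption and padding; the function names, key and payload are constructed for illustration.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23   # TLS ContentType application_data
TLS_1_0 = (3, 1)        # ProtocolVersion bytes for TLS 1.0 (assumed for this example)


def record_mac(mac_key, seq, content_type, version, fragment):
    """HMAC over seq_num || type || version || length || fragment."""
    header = struct.pack("!QBBBH", seq, content_type,
                         version[0], version[1], len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha1).digest()


def protect(mac_key, seq, fragment):
    """Sender side: append the MAC to the plaintext fragment."""
    return fragment + record_mac(mac_key, seq, APPLICATION_DATA, TLS_1_0, fragment)


def verify(mac_key, rcv_seq, record, mac_len=20):
    """Receiver side: recompute the MAC and compare in constant time.

    Returns the fragment, or None at the point where the quoted NSS code
    sets SSL_ERROR_BAD_MAC_READ.
    """
    if len(record) < mac_len:
        return None
    fragment, received = record[:-mac_len], record[-mac_len:]
    computed = record_mac(mac_key, rcv_seq, APPLICATION_DATA, TLS_1_0, fragment)
    if not hmac.compare_digest(computed, received):
        return None
    return fragment


def demo():
    key = b"\x0b" * 20                                # constructed MAC key
    rec = protect(key, 5, b"GET / HTTP/1.1\r\n")      # constructed payload, seq 5
    intact = verify(key, 5, rec)
    dropped_byte = verify(key, 5, rec[:3] + rec[4:])  # one byte lost before the check
    flipped_bit = verify(key, 5, bytes([rec[0] ^ 1]) + rec[1:])
    seq_desync = verify(key, 6, rec)                  # receiver counter out of step
    return intact, dropped_byte, flipped_bit, seq_desync


if __name__ == "__main__":
    print(demo())
```

Because the sequence number is part of the MAC input, a record that arrives byte-for-byte intact still fails the check if either side's record counter is out of step.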
1

I opened the cmd window and used the ipconfig /flushdns command while FF was closed. I reopened it and I was able to access the URL successfully.

  • This does not answer the OP's question, who says it's happening on an irregular basis and for some people only. If you want to suggest a potential and partial solution, please use comments rather than answers. – Christian Rondeau May 15 '15 at 00:54