Welcome! Log In Create A New Profile

Advanced

ERR_SSL_BAD_RECORD_MAC_ALERT when trying to reuse SSL session

Abilio Marques
March 08, 2018 06:18AM
Using NGINX 1.12.2 on MIPS (haven't tested on x86), if I set:

ssl_session_cache shared:SSL:1m; # it also fails with 10m


And the client reestablishes the connection, it
gets: net::ERR_SSL_BAD_RECORD_MAC_ALERT when trying to reuse SSL session.

Has anyone seen anything like this?


More detail:

This was tested on 1.12.2, on a MIPS CPU, using OpenSSL 1.0.2j, and built
by gcc 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r47070).

Interesting portion of my configuration file:

server {
listen 443 ssl;

ssl_certificate /etc/ssl/certs/bridge.cert.pem;
ssl_certificate_key /etc/ssl/private/bridge.key.pem;

ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256;
ssl_ecdh_curve prime256v1;

ssl_session_timeout 24h;
ssl_session_tickets on;
ssl_session_cache shared:SSL:1m; # set to 10m, still fails, remove, the
problem seems to disappear

keepalive_timeout 1s; # reduced during troubleshooting to make it
trigger easily
keepalive_requests 1; # reduced during troubleshooting to make it
trigger easily

include apiv1.conf; # where all the location rules are
}
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

ERR_SSL_BAD_RECORD_MAC_ALERT when trying to reuse SSL session

Abilio Marques March 08, 2018 06:18AM

Re: ERR_SSL_BAD_RECORD_MAC_ALERT when trying to reuse SSL session

Maxim Dounin March 11, 2018 07:58PM

Re: ERR_SSL_BAD_RECORD_MAC_ALERT when trying to reuse SSL session

abiliojr March 19, 2018 10:06AM

Re: ERR_SSL_BAD_RECORD_MAC_ALERT when trying to reuse SSL session

Maxim Dounin March 19, 2018 11:36AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 154
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready