#1
Openssl version: 0.9.8a
Objective: secure FTP (SFTP) w/o pasv

Everything works with self signed cert if client that is going to connect is located ONLY on the same subnet.

If I try to connect a client to the server from outside the subnet, i.e. internet client user, I get a "decryption failed or bad record mac" error.

Scenario:
client (public ip) tries to connect to server (non-routable ip on DMZ with public IP forwarded). Won't work.
client (non-routable ip on DMZ) tries to connect to server. Does work.

Is there a mechanism inside OpenSSL that doesn't allow cert pass through if client isn't on the same subnet? Is this a bug?

--
View this message in context: http://www.nabble.com/decryption-fai...p19146541.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
#2
Please test against 0.9.8h; 0.9.8a is nearly 3 years old at this point.

-Kyle H

On Mon, Aug 25, 2008 at 8:55 AM, firelight wrote:
>
> Openssl version: 0.9.8a
> Objective: secure FTP (SFTP) w/o pasv
>
> Everything works with self signed cert if client that is going to connect is
> located ONLY on the same subnet.
>
> If I try to connect a client to the server from outside the subnet, i.e.
> internet client user, I get a "decryption failed or bad record mac" error.
>
> Scenario:
> client (public ip) tries to connect to server (non-routable ip on DMZ with
> public IP forwarded). Won't work.
> client (non-routable ip on DMZ) tries to connect to server. Does work.
>
> Is there a mechanism inside OpenSSL that doesn't allow cert pass through if
> client isn't on the same subnet? Is this a bug?
#3
FIXED

Was a problem with smart defense center altering the packet.

Thanks for the quick reply.

wolfoftheair wrote:
>
> Please test against 0.9.8h; 0.9.8a is nearly 3 years old at this point.
>
> -Kyle H
>
> On Mon, Aug 25, 2008 at 8:55 AM, firelight wrote:
>>
>> Openssl version: 0.9.8a
>> Objective: secure FTP (SFTP) w/o pasv
>>
>> Everything works with self signed cert if client that is going to connect
>> is located ONLY on the same subnet.
>>
>> If I try to connect a client to the server from outside the subnet, i.e.
>> internet client user, I get a "decryption failed or bad record mac"
>> error.
>>
>> Scenario:
>> client (public ip) tries to connect to server (non-routable ip on DMZ
>> with public IP forwarded). Won't work.
>> client (non-routable ip on DMZ) tries to connect to server. Does work.
>>
>> Is there a mechanism inside OpenSSL that doesn't allow cert pass through
>> if client isn't on the same subnet? Is this a bug?

--
View this message in context: http://www.nabble.com/decryption-fai...p19149429.html
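Why a device that alters bytes in transit ends in this error, as an added example that is not part of the thread or of OpenSSL's code: it computes the TLS 1.0 record MAC from RFC 2246 (HMAC over sequence number, type, version, length and fragment) and checks it on receipt. It assumes a MAC-only record (as in the NULL-SHA suites) so no cipher is needed; the key, payload and function names are constructed for the illustration.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23   # TLS content type
TLS1_0 = (3, 1)         # protocol version bytes
MAC_LEN = 20            # HMAC-SHA1 output size


class BadRecordMac(Exception):
    """Receiver-side integrity failure (TLS alert 20, bad_record_mac)."""


def record_mac(secret, seq, ctype, version, fragment):
    # RFC 2246 6.2.3.1: HMAC(secret, seq_num || type || version || length || fragment)
    pseudo_header = struct.pack("!QBBBH", seq, ctype, version[0], version[1], len(fragment))
    return hmac.new(secret, pseudo_header + fragment, hashlib.sha1).digest()


def seal(secret, seq, fragment, ctype=APPLICATION_DATA, version=TLS1_0):
    """Sender: 5-byte record header, then fragment, then MAC."""
    body = fragment + record_mac(secret, seq, ctype, version, fragment)
    return struct.pack("!BBBH", ctype, version[0], version[1], len(body)) + body


def open_record(secret, seq, record):
    """Receiver: recompute the MAC over what actually arrived."""
    ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + length]
    if len(body) != length or length < MAC_LEN:
        raise BadRecordMac("truncated record")
    fragment, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = record_mac(secret, seq, ctype, (major, minor), fragment)
    if not hmac.compare_digest(mac, expected):
        raise BadRecordMac("bad record mac")
    return fragment


def alter_in_transit(record, offset):
    """Constructed stand-in for an in-path device that changes one byte."""
    return record[:offset] + bytes([record[offset] ^ 0x01]) + record[offset + 1:]


def verdict(secret, seq, record):
    try:
        open_record(secret, seq, record)
        return "ok"
    except BadRecordMac as exc:
        return str(exc)


SECRET = b"k" * 20                                # constructed MAC key
RECORD = seal(SECRET, 0, b"USER anonymous\r\n")   # constructed payload
```

The same record verifies when delivered untouched and fails when a single payload byte differs, which matches a path where only connections crossing the inspecting device break.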