Re: SSL error: decryption failed or bad record mac

On Nov 27, 2006, at 12:06 PM, Claudio Rossi wrote:
> Hello, I just installed postgresql 8.1.5 and the only things I
> ported from 8.0.3 (last version I used) are server, user and CA
> X509 certificates (fresh install for everything else). I'm using
> OpenSSL 0.9.8d, Fedora Core 4, I have enabled SSL as described in
> manual (at every step where it's needed) and I had no problems with
> previous 8.0.3. This is the problem: when I set up a SSL connection
> I get this log output:
>
> DEBUG: SSL connection from "common_name"
> DEBUG: SSL: write alert (0x0214)
> LOG: SSL error: decryption failed or bad record mac
>
> and backend returns a signal 15, terminating connection. Any idea?
> Does anybody know what kind of error is "decryption failed or bad
> record mac" (I mean, client certificate error? server certificate
> error?)? Thanks.

You might gain some insight by looking at the code, but I'll bet that
that decryption failed error is from SSL itself. You might have
better luck asking the OpenSSL folks. Or it might be easier to just
re-generate all your certs.

Might be worth reading through the release notes to see if anything
SSL related has changed between 8.0.3 and 8.1.5.
--
Jim Nasby jim(at)nasby(dot)net
EnterpriseDB http://enterprisedb.com 512.569.9461 (cell)