[erlang-questions] SSL Server Bad record mac error

Morgan Segalis <>
Mon Jul 23 11:58:54 CEST 2012


Hi everyone,

I'm currently trying to find out, where could come from this error : 

=ERROR REPORT==== 23-Jul-2012::11:03:56 ===
SSL: certify: ssl_record.erl:654:Fatal error: bad record mac

The SSL function where it is coming from is decipher: 

---------------------------------- ssl_record.erl ---------------------------------------------

decipher(TLS=#ssl_tls{type=Type, version=Version, fragment=Fragment}, CS0) ->
    SP = CS0#connection_state.security_parameters,
    BCA = SP#security_parameters.bulk_cipher_algorithm, 
    HashSz = SP#security_parameters.hash_size,
    CipherS0 = CS0#connection_state.cipher_state,
    case ssl_cipher:decipher(BCA, HashSz, CipherS0, Fragment, Version) of
	{T, Mac, CipherS1} ->
	    CS1 = CS0#connection_state{cipher_state = CipherS1},
	    TLength = size(T),
	    {MacHash, CS2} = hash_and_bump_seqno(CS1, Type, Version, TLength, T),
	    case is_correct_mac(Mac, MacHash) of
		true ->		  
		    {TLS#ssl_tls{fragment = T}, CS2};
		false ->
		    ?ALERT_REC(?FATAL, ?BAD_RECORD_MAC)                      %%<-------- HERE
	    end;
	#alert{} = Alert ->
	    Alert
    end.
----------------------------------------------------------------------------------------------------

I'm not really sure if this error is happening at handshake, or read.
The thing is, the error is only coming only from users connecting from a BlackBerry device (Can't know which OS version, I suppose it comes from rather old devices).

If there is nothing I can't do server-side, does anyone could point out how to handle the error, in order to close cleanly the connection ?

Regards,

Morgan.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20120723/a12c7fc4/attachment.html>


More information about the erlang-questions mailing list