Skip to content

Decryption failed or bad record mac #1756

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
const-t opened this issue Nov 21, 2022 · 2 comments · Fixed by #1820
Closed

Decryption failed or bad record mac #1756

const-t opened this issue Nov 21, 2022 · 2 comments · Fixed by #1820
Assignees
@const-t
Labels
bug crucial h2
Milestone
0.7 - HTTP/2

Comments

@const-t
Copy link
Contributor

const-t commented Nov 21, 2022
edited
Loading

Scope

Faced curl: (56) OpenSSL SSL_read: error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac, errno 0 when sending parallel http2 requests by curl or via h2load when tempesta config contained resp_hdr_set directive.

Testing

listen 443 proto=h2;
listen 80;

# Allow only following characters in URI (no '%'): /a-zA-Z0-9&?:-._=
http_uri_brange 0x2f 0x41-0x5a 0x61-0x7a 0x30-0x39 0x26 0x3f 0x3a 0x2d 0x2e 0x5f 0x3d;

srv_group default {
    server 127.0.0.1:8080 conns_n=16;
}

vhost debian {

    proxy_pass default;

    tls_certificate /etc/tempesta/tfw-root.crt;
    tls_certificate_key /etc/tempesta/tfw-root.key;
    resp_hdr_set Strict-Transport-Security "max-age=31536000; includeSubDomains";
}

cache 0;
cache_fulfill * *;
block_action attack reply;

http_chain {
  -> debian;
}

Command: curl -k --parallel --parallel-immediate https://debian https://debian https://debian https://debian
@const-t const-t self-assigned this Nov 21, 2022
@krizhanovsky
Copy link
Contributor

@const-t can you add the description of the error itself?

@krizhanovsky
Copy link
Contributor

Relates to #1669

@const-t const-t linked a pull request Apr 6, 2023 that will close this issue
Reworked HTTP1 -> HTTP2 message transformation #1820
Merged
@const-t const-t closed this as completed Apr 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@const-t const-t

Labels
bug crucial h2
Projects
None yet
Milestone
0.7 - HTTP/2
Development

Successfully merging a pull request may close this issue.

Reworked HTTP1 -> HTTP2 message transformation tempesta-tech/tempesta
2 participants
@krizhanovsky @const-t