Opened 9 years ago

Closed 3 years ago

#2446 closed defect (fixed)

Tech Evangelism - ssl_error_bad_mac_read -> website is broken

Reported by: cypherpunks Owned by: nickm
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

When I use Tor to access my Wordpress blog, with Firefox in Mandriva Linux, I always get an SSL error every time I make a request to Wordpress, such as when updating the blog or publishing a new article. It requires several resends before the request goes through.

Child Tickets

Change History (12)

comment:1 Changed 9 years ago by nickm

What program reports an ssl error? What is the exact text of the error message?

comment:2 Changed 8 years ago by cypherpunks

Sorry for late reply.

Browser: Firefox 3.6.13
OS: Mandriva Linux 2010.2
kernel 2.6.33.7-7mdv-1-1mdv2010.1
SSL: openssl-1.0.0a-1.6mdv2010.1

Error message from Firefox when posting to Wordpress:

{{{Secure Connection Failed
An error occurred during a connection to *blogname*.wordpress.com.
SSL received a record with an incorrect Message Authentication Code.
(Error code: ssl_error_bad_mac_read)

  • The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
  • Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.}}}

This error is seen only in Firefox. Eventually, after several retries, the page will load. Wordpress support says they have checked their SSL and report no problem, and said I should file a bug report here.

Thanks.

comment:3 Changed 8 years ago by nickm

Milestone: Tor: 0.2.1.x-finalTor: unspecified
Reporter: changed from cypherpunks to p

Very strange. I've not run into this previously. If it's an attempted attack, it's a pointless one: any SSL implementation on earth should be able to detect it. I wonder if you're getting any odd kind of data corruption.

Do you have any unusual torrc options set?

comment:4 Changed 8 years ago by nickm

Reporter: changed from p to cypherpunks

comment:5 Changed 8 years ago by arma

Another option is that it's not a Tor bug at all, but is instead an exit relay with some broken firewall that's mangling your ssl flow. In that case we're unlikely to track it down by staring at the Tor code. :)

comment:6 Changed 8 years ago by cypherpunks

torrc is as created by tor: it contains only the control port, data dir, hashed password, and log notice variables. as for data corruption, I wouldn't be able to tell. as it's only used for blog postings (text and photos), there doesn't seem to be any. but the problem persists on almost every click of the "update" or "post" button. I read somewhere (sorry didn't note link) that it could be a result of the extensive use of Javascript at Wordpress, if that makes any sense to you.

Thanks.

comment:7 Changed 8 years ago by nickm

Status: newneeds_review

comment:8 Changed 8 years ago by nickm

Owner: set to nickm
Status: needs_reviewassigned

comment:9 Changed 8 years ago by nickm

Status: assignedneeds_information

Oops. this should have been "needs information", not "needs review"

comment:10 Changed 7 years ago by nickm

Keywords: tor-client added

comment:11 Changed 7 years ago by nickm

Component: Tor ClientTor

comment:12 Changed 3 years ago by bugzilla

Component: Core Tor/TorApplications/Tor Browser
Keywords: tor-client removed
Milestone: Tor: unspecified
Resolution: fixed
Severity: Normal
Status: needs_informationclosed
Summary: SSL error bad_mac_read in WordpressTech Evangelism - ssl_error_bad_mac_read -> website is broken
Version: Tor: 0.2.1.26
Note: See TracTickets for help on using tickets.