#1 2017-07-27 16:38:04

daniel1988
Member
Registered: 2009-06-28
Posts: 34

Random SSL failures

I recently installed Arch on a shiny new Dell Precision 5520 laptop. Things are generally working fine, except for random SSL-related errors that I get.

Here are some error messages that I get when I want to install things.

curl: (56) OpenSSL SSL_read: error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac, errno 0
==> ERROR: Failure while downloading https://github.com/wireapp/wire-desktop/archive/release/2.15.2751.tar.gz
    Aborting...
Error installing wire-desktop-beta : exit status 1
Error: 139910353111936:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:535:
Unhandled rejection Error: 139910353111936:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:535:
    at Error (native)
From previous event:
    at /tmp/yaytmp/wire-desktop-beta/src/wire-desktop-release-2.15.2751/node_modules/electron-builder/src/packager/dirPackager.ts:51:7
    at next (native)
From previous event:
...
neon info forcing rebuild for new build settings
neon info running cargo
    Updating registry `https://github.com/rust-lang/crates.io-index`
warning: spurious network error (2 tries remaining): [12/-1] SSL error: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
warning: spurious network error (1 tries remaining): [12/-1] SSL error: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
error: failed to load source for a dependency on `rust_sodium`
==> Installing openssl-git
==> Edit PKGBUILD? [y/N]
==> Making package: openssl-git 1.1.1.dev.20170712.084f9a7046-1 (Mon Jul 24 11:56:15 CEST 2017)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Cloning openssl git repo...
Cloning into bare repository '/tmp/yaytmp/openssl-git/openssl'...
remote: Counting objects: 319858, done.
remote: Compressing objects: 100% (164/164), done.
error: RPC failed; curl 56 OpenSSL SSL_read: error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac, errno 0
fatal: The remote end hung up unexpectedly
fatal: early EOF
fatal: index-pack failed

(^^ this one I managed to install eventually; I built the package on a different Dell Precision 5520 laptop)

>>>>>>>>>>>>>>>> PGP signature error:
error: openvpn: signature from "Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>" is invalid
:: File /var/cache/pacman/pkg/openvpn-2.4.3-2-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Packages (2) txt2man-1.6.0-1  vala-0.36.4-1
Total Download Size:    1.69 MiB
Total Installed Size:  11.59 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
 vala-0.36.4-1-x86_64                                                                                                  1714.3 KiB   658K/s 00:03 [########################################################################################] 100%
 txt2man-1.6.0-1-any                                                                                                     14.1 KiB  0.00B/s 00:00 [########################################################################################] 100%
(2/2) checking keys in keyring                                                                                                                   [########################################################################################] 100%
(2/2) checking package integrity                                                                                                                 [########################################################################################] 100%
error: vala: signature from "Levente Polyak (anthraxx) <levente@leventepolyak.net>" is invalid
:: File /var/cache/pacman/pkg/vala-0.36.4-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
>>> git pull
remote: Microsoft (R) Visual Studio (R) Team Services
remote: Found 4286 objects to send. (1205 ms)
fatal: The remote end hung up unexpectedlyMiB | 2.05 MiB/s
fatal: early EOF
fatal: index-pack failed

After a couple of retries (sometimes many), those commands eventually succeed.

Switching to latest openssl-git doesn't help.

Errors are not related to pacman, because even decoding a video in the browser and git pull sometimes fail. Also, there are sometimes SSL errors in Firefox for well-known websites. I should not be affected by a man-in-the-middle attack, as I am connected directly to a corporate network where there are hundreds of other people connected as well.

I was suspecting a hardware issue with a RAM module. Running memtest86 finished in ~6h and there were 0 errors reported. So it should be something else faulty here.

There is nothing suspicious in dmesg or journalctl output.

What do you suggest to try next?

#2 2017-07-27 21:15:18

seth
Member
Registered: 2012-09-03
Posts: 50,015

Re: Random SSL failures

export OPENSSL_ia32cap=~0x200000200000000

Make sure to install and activate intel-ucode, see https://wiki.archlinux.org/index.php/Microcode
Try ethernet (in case you're on wifi) in a different network (your company could very well be a benign-but-stupid MIM ;-)

#3 2017-08-15 09:58:15

daniel1988
Member
Registered: 2009-06-28
Posts: 34

Re: Random SSL failures

I think I found what is causing the problem. When I use ethernet over the Dell TB16 docking station, the problem is there.
Tested on WiFi, and for more than a week I didn't have any problem.
Then today I tested with another Dell TB16, and the problem seems to be back. Since both of the docking stations show the same problem, there is either a problem with this batch of docking stations, or some SW problem in Arch or in the Linux kernel.

Thanks a lot for the tip!

#4 2017-08-15 11:54:04

seth
Member
Registered: 2012-09-03
Posts: 50,015

Re: Random SSL failures

... or with the notebook, its NIC or the TB cable...

Does the notebook have an integrated RJ45 slot (so you can skip the dock for ethernet)?

#5 2017-08-22 14:28:12

daniel1988
Member
Registered: 2009-06-28
Posts: 34

Re: Random SSL failures

@seth first of all, thank you :)

The laptop doesn't have an integrated RJ45 slot.
Another couple of days of testing with a Thunderbolt to RJ45 adapter (passive), and things seem to work fine.

The TB cable from the laptop to the docking station should not be faulty, since I tried before with a different docking station that includes a TB cable on it.

I think we are down to Arch support for the Dell TB16 docking station (or a faulty batch of docking stations from Dell).

Last edited by daniel1988 (2017-08-22 14:28:45)
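
To pin failures like the ones in this thread to one network path, the same object can be fetched repeatedly through a single interface and compared against a known-good SHA-256. This is an added example, not part of the original posts; the interface name, URL, reference digest and the `FETCH_CMD` test hook are assumptions you supply.

```shell
#!/bin/sh
# Added example (not from the thread): per-interface transfer integrity check.
# Usage: sh nic_integrity.sh IFACE URL EXPECTED_SHA256 [ROUNDS]
# IFACE, URL and EXPECTED_SHA256 are placeholders you provide; compute the
# reference digest on a machine or path you trust.

# One transfer bound to a single interface (curl's --interface option).
fetch_once() {
    curl --silent --fail --interface "$1" --output "$3" "$2"
}

# Hypothetical hook, replaceable for offline testing; takes: IFACE URL OUTFILE.
FETCH_CMD=${FETCH_CMD:-fetch_once}

# Prints "<iface> ok=N transfer_err=N digest_mismatch=N".
# transfer_err:    the client aborted (e.g. curl 56 on a bad TLS record MAC)
# digest_mismatch: the transfer completed but the bytes differ from the reference
integrity_run() {
    ir_iface=$1 ir_url=$2 ir_want=$3 ir_rounds=${4:-20}
    ir_ok=0 ir_err=0 ir_bad=0 ir_i=0
    ir_tmp=$(mktemp) || return 2
    while [ "$ir_i" -lt "$ir_rounds" ]; do
        ir_i=$((ir_i + 1))
        if ! "$FETCH_CMD" "$ir_iface" "$ir_url" "$ir_tmp"; then
            ir_err=$((ir_err + 1))
            continue
        fi
        ir_got=$(sha256sum "$ir_tmp" | cut -d' ' -f1)
        if [ "$ir_got" = "$ir_want" ]; then
            ir_ok=$((ir_ok + 1))
        else
            ir_bad=$((ir_bad + 1))
        fi
    done
    rm -f "$ir_tmp"
    echo "$ir_iface ok=$ir_ok transfer_err=$ir_err digest_mismatch=$ir_bad"
    # Non-zero exit status when any round failed.
    [ "$ir_err" -eq 0 ] && [ "$ir_bad" -eq 0 ]
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 3 ]; then
    integrity_run "$@"
fi
```

Run it once per interface (for example the dock's NIC and the WiFi adapter) against the same URL; a path that shows errors or mismatches while the other stays clean narrows the fault to that path.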

#6 2017-08-23 10:16:45

seth
Member
Registered: 2012-09-03
Posts: 50,015

Re: Random SSL failures

Well, let's have a look at the hardware and error messages then - "lspci -v" and "dmesg" outputs would be quite relevant (when attached to the dock and ideally after such an error occurred)
