"SSLv3 bad record mac" with Ruby OpenSSL

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

"SSLv3 bad record mac" with Ruby OpenSSL

Luke Carpenter
Hi,

I am attempting to implement the STARTTLS extension (RFC 3207) for SMTP in Ruby,
and I'm not getting very far because, if I'm perfectly honest, I don't know my way around
OpenSSL, nor SSL itself.

My aim is to allow a SMTP to open a standard TCP socket, send "STARTTLS", the
server and client initiate and secure an SSL connection, and then the SMTP session is
considered secure

The code was working during testing, but in production where it is taking "heavy" load,
I will see the message "SSLv3 bad record mac" appearing as an SSLError exception
about 1 in every 10 requests.

I have cobbled together the various code from method lists, and consequently, I'm not
sure if this is the recommended method for going about this (evidently not, as I'm
occasionally reading binary from the socket, causing a JSON parse error when I
attempt to queue the message), but I would very much appreciate any help you
could give me with finding the bug in this code:

def process_starttls
  send_line "220 Go ahead"
  @state.clear
  @ssl = true
  @ctx = OpenSSL::SSL::SSLContext.new
  @ctx.cert = OpenSSL::X509::Certificate.new File.read "/home/luke/Dropbox/Keys/ghstwrks.com.crt"
  @ctx.key = OpenSSL::PKey::RSA.new File.read("/home/luke/Dropbox/Keys/ghstwrks.com.key"), "not_an_actual_secret"
  @socket = OpenSSL::SSL::SSLSocket.new @socket, @ctx
  @socket.accept
end

The errors will occur when reading from @socket later on in the program

I would be eternally grateful if anybody could teach me how OpenSSL sockets work, or point me the direction of a resource which can

I can pay you back with documentation if you would like?


Thanks,
Luke