1Answer
  • 5
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

HTTPS download failures

When downloading HTTPS resources (from internet hosts such as dl.google.com) on my local network I frequently get the following error:

error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

which makes it practically impossible to download anything via HTTPS.

The problem happens only when downloading relatively large files (i.e more than a few dozens of MB), not when browsing pages. Downloads randomly fail at some point, be it with a browser or with a command line tool such as curl/wget.

For instance:

$ curl https://dl.google.com/android/repository/android_m2repository_r46.zip

...

curl: (56) SSL read: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac, errno 0

I have the same issue on different machines (ubuntu & OS X), but only when they are on this network. Therefore I assume the problem is somewhere in my local network's infrastructure.

Any idea?

Result of search engine reseaches regarding this error message:

  • In this question it's a server side bug specific to a particular host, which is not relevant for me, since I observed the issue on several major hosts (such as dl.google.com)
  • I found issues specifically related to nodeJs, Apache Traffic Server and OpenSSL, but in my case the issue happens on different operating systems, and only when they are on that specific local network.
ssl
    • That's not evident and you wouldn't believe the number of people who clearly don't even bother before posting here. You should tell us what you found and why it wasn't useful...
      • 2
    • @GeorgeErhard The problem happens only when downloading relatively large files (i.e more than a few dozens of MB), not when browsing pages. Downloads randomly fail at some point, be it with a browser or with a command line tool such as curl/wget.
      • 2
    • @GeorgeErhard Done. It's not only across the LAN, since it happens when downloading files from dl.google.com, for instance.
    • @GeorgeErhard Interesting. So the issue might be caused by packet losses at the switch level. I'll definitely look into that. (Actually that could even be posted as an answer)

The specific symptoms indicate that there may be some form of packet loss between the host and the client.

Keep in mind that HTTPS is an encrypted form of HTTP, which is a "best effort" protocol, unlike FTP or SCP which maintain a connection and provide retransmission of bad data automatically.

Because the protocol is encrypted, data transferred over HTTPS must be decrypted at the client before it can be displayed or opened. The error message is reporting that this decryption phase has failed. There's not much detail as to why, just that it didn't work.

Because this only seems to effect large files, not small ones, we can immediately assume that files sent in a small number of packets work, while files sent via large numbers of packets are prone to failure. The failures are also random. These failures affect multiple clients (using multiple browsers and OS's) on a single network but are not observed on other networks.

The common component to all clients on a LAN would be the gateway for that LAN. By logical reduction, something on that gateway is sporadically corrupting data on the way through.

While I cannot state for sure that "packet loss" or other network-related failures in transmission is the cause, I suspect that to be the case. An examination of the switch's logs (if it is managed) or a Wireshark analysis of the file transfer should point out the culprit.

  • 3
Reply Report
      • 1
    • I'll wait until I have investigated the switch's logs before accepting the answer, but it definitely makes sense so far.
      • 2
    • The problem actually seems to be on the gateway (a Cisco RV325 router), because everything's fine when connecting the PC directly on the internet box (before the gateway). I checked its web interface but it says "0 packet failure" on all the ports.
      • 1
    • Have you run a Wireshark capture of the file transfer(s)? This would need to be done on the affected machine(s). Also, if you've multiple LAN ports on that router, try a diff. port, and see if the problem persists.
      • 2
    • Yep, your RV232 seems to be losing data sporadically on the LAN side (since it doesn't log any lost data coming from WAN port). Might be correctable with a restart or a firmware update, if not, time for a replacement router.

Trending Tags