I've installed an SSL cert onto an Apache2 server which serves intranet content. Internet Explorer 6/7 and Safari 4 can connect to the site just fine. However, when I attempt to access the site with Firefox, I get the following error:
An error occurred during a connection to intranet:8080.
SSL peer reports incorrect Message Authentication Code.
(Error code: ssl_error_bad_mac_alert)
I'm running a standard Apache2/OpenSSL setup on Solaris 10. I tried enabling the SSLSessionCache, but that did not fix the problem.
We're using an internal CA, which is trusted by IE.
I can also reproduce the problem with curl:
* About to connect() to intranet port 8080 (#0)
* Trying x.x.x.x... connected
* Connected to intranet (x.x.x.x) port 8080 (#0)
* successfully set certificate verify locations:
* CAfile: /usr/share/curl/curl-ca-bundle.crt
CApath: none
* SSLv2, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS alert, Server hello (2):
* error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac
* Closing connection #0
curl: (35) error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac
Looks like the problem was caused by Apache2 being compiled with the worker mpm.
There used to be further information at http://opensolaris.org/jive/thread.jspa?messageID=265271 but this now returns an error page.
I had this problem but with a site that stopped working after a Firefox upgrade.
The Fix:
Change Firefox security settings. It seems Firefox is disabling older ssl standards.
In Firefox address bar enter
about:configIn search enter
security.ssl3Toggle false values to
trueYou should now be able to get to your sites.