Error: (ERR_get_error_line_data = 336130329), Could not complete SSL handshake with X.X.X.X: decryption failed or bad record mac

Bug #1928216 reported by Renat Gataullin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nagios-nrpe (Ubuntu)
Undecided
Unassigned

Bug Description

Hello, I have odd behavior on one of my Ubuntu servers after updating Nagios server to Ubuntu 18.04.
That is the only server that has the issue and this server is in a different time zone also its server communicates with the Nagios server through a tunnel.

May 12 17:10:29 svn-blr nrpe[4190]: Listening for connections on port 5666
May 12 17:10:29 svn-blr nrpe[4190]: Allowing connections from: 127.0.0.1,10.100.0.199,nagios.welldocinc.com
May 12 17:10:42 svn-blr nrpe[4204]: CONN_CHECK_PEER: checking if host is allowed: 10.100.0.199 port 60596
May 12 17:10:42 svn-blr nrpe[4204]: Connection from 10.100.0.199 port 60596
May 12 17:10:42 svn-blr nrpe[4204]: is_an_allowed_host (AF_INET): is host >10.100.0.199< an allowed host >10.100.0.199<
May 12 17:10:42 svn-blr nrpe[4204]: is_an_allowed_host (AF_INET): is host >10.100.0.199< an allowed host >10.100.0.199<
May 12 17:10:42 svn-blr nrpe[4204]: is_an_allowed_host (AF_INET): host is in allowed host list!
May 12 17:10:42 svn-blr nrpe[4204]: Host address is in allowed_hosts
May 12 17:10:43 svn-blr nrpe[4204]: Error: (ERR_get_error_line_data = 336130329), Could not complete SSL handshake with 10.100.0.199: decryption failed or bad record mac
May 12 17:10:43 svn-blr nrpe[4204]: Connection from 10.100.0.199 closed.
rgataullin@svn-blr:~$ decryption failed or bad record macError: (ERR_get_error_line_data = 336130329), Could not complete SSL handshake with 10.100.0.199: decryption failed or bad record mac

Wed May 12 17:48:53 IST 2021

Revision history for this message
Alex Murray (alexmurray) wrote : Bug is not a security issue

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

information type: Private Security → Public
Revision history for this message
Renat Gataullin (rgataullin) wrote : Re: [Bug 1928216] Re: Error: (ERR_get_error_line_data = 336130329), Could not complete SSL handshake with X.X.X.X: decryption failed or bad record mac
Download full text (3.2 KiB)

I apologize but I was wrong and we cannot call it a bug.
Turned out the FW was interfering with traffic. Everything is okay now.
Thanks a lot

On Fri, May 14, 2021 at 1:40 AM Alex Murray <email address hidden>
wrote:

> Thanks for taking the time to report this bug and helping to make Ubuntu
> better. We appreciate the difficulties you are facing, but this appears
> to be a "regular" (non-security) bug. I have unmarked it as a security
> issue since this bug does not show evidence of allowing attackers to
> cross privilege boundaries nor directly cause loss of data/privacy.
> Please feel free to report any other bugs you may find.
>
> ** Information type changed from Private Security to Public
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1928216
>
> Title:
> Error: (ERR_get_error_line_data = 336130329), Could not complete SSL
> handshake with X.X.X.X: decryption failed or bad record mac
>
> Status in nagios-nrpe package in Ubuntu:
> New
>
> Bug description:
> Hello, I have odd behavior on one of my Ubuntu servers after updating
> Nagios server to Ubuntu 18.04.
> That is the only server that has the issue and this server is in a
> different time zone also its server communicates with the Nagios server
> through a tunnel.
>
>
> May 12 17:10:29 svn-blr nrpe[4190]: Listening for connections on port
> 5666
> May 12 17:10:29 svn-blr nrpe[4190]: Allowing connections from:
> 127.0.0.1,10.100.0.199,nagios.welldocinc.com
> May 12 17:10:42 svn-blr nrpe[4204]: CONN_CHECK_PEER: checking if host is
> allowed: 10.100.0.199 port 60596
> May 12 17:10:42 svn-blr nrpe[4204]: Connection from 10.100.0.199 port
> 60596
> May 12 17:10:42 svn-blr nrpe[4204]: is_an_allowed_host (AF_INET): is
> host >10.100.0.199< an allowed host >10.100.0.199<
> May 12 17:10:42 svn-blr nrpe[4204]: is_an_allowed_host (AF_INET): is
> host >10.100.0.199< an allowed host >10.100.0.199<
> May 12 17:10:42 svn-blr nrpe[4204]: is_an_allowed_host (AF_INET): host
> is in allowed host list!
> May 12 17:10:42 svn-blr nrpe[4204]: Host address is in allowed_hosts
> May 12 17:10:43 svn-blr nrpe[4204]: Error: (ERR_get_error_line_data =
> 336130329), Could not complete SSL handshake with 10.100.0.199:
> decryption failed or bad record mac
> May 12 17:10:43 svn-blr nrpe[4204]: Connection from 10.100.0.199 closed.
> rgataullin@svn-blr:~$ decryption failed or bad record macError:
> (ERR_get_error_line_data = 336130329), Could not complete SSL handshake
> with 10.100.0.199: decryption failed or bad record mac
>
> Wed May 12 17:48:53 IST 2021
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/nagios-nrpe/+bug/1928216/+subscriptions
>

--
***This e-mail message is intended only for the named recipient(s) above.
It may contain information that is confidential and/or privileged. If you
are not the intended recipient, you must not keep, use, disclose, copy or
distribute this email without the author's prior permission. If you have
received this e-mail in error, please notify the sender immediately by
return e-mail and delete this e-mai...

Read more...

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thanks for reporting back Renat !
Closing the bug as invalid due to the above statement.

Changed in nagios-nrpe (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers