We have a web application where requests sometimes fail on an irregular basis, and only when using the Firefox browser. The error that comes up is:
SSL_ERROR_BAD_MAC_READ
-12273
"SSL received a record with an incorrect Message Authentication Code."
One customer claims that they have this error about every 3 minutes but the others don't have this problem, but the other customers have this problem only a few times.
Any idea how to find out the source of that problem?
I browsed a little through the Firefox code and found that
    if (NSS_SecureMemcmp(mac, pBuf, macLen) != 0) {
        /* MAC's didn't match... */
        SSL_DBG(("%d: SSL[%d]: mac check failed, seq=%d",
                 SSL_GETPID(), ss->fd, ss->sec.rcvSequence));
        PRINT_BUF(1, (ss, "computed mac:", mac, macLen));
        PRINT_BUF(1, (ss, "received mac:", pBuf, macLen));
        PORT_SetError(SSL_ERROR_BAD_MAC_READ);
        rv = SECFailure;
        goto cleanup;
    }
Obviously it is possible to see what the received MAC and the computed MAC were... Does anyone know where those logs are in FF, or maybe I should enable some logging in FF?
Where can I find the logs for this in Firefox?
The 'ssl_error_bad_mac_alert' error typically occurs in Mozilla Firefox when affected users attempt to visit certain secured websites. In some cases, the error appears when the user attempts to send emails via the IMAP interface to Gmail.
If you receive the error message, "Security error: bad record message authentication code (MAC)," while trying to livestream, it means a secure connection could not be established. There are a few possible causes: Incorrect Date / Time: If the date and/or time on your device isn't set properly, it can cause this error.
We upgraded OpenSSL to the latest version available for our platform, and it worked. The problem is gone, so it was probably a bug in the OpenSSL implementation.
This could be an issue with the SSL implementation you are using. The MAC is like a hash of the SSL packet transferred. If the SSL packet is not flushed properly by the implementation (eating some bytes or not flushing completely), you will see these kinds of issues.
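To make the answer's point concrete, here is an added example (not code from the posts or from NSS) of a simplified TLS 1.2 MAC-then-encrypt record check, showing how a dropped byte, a flipped bit or a receiver sequence counter that is off by one each produce a bad MAC. Encryption is left out, the key and payload are constructed, and the function names are made up for the illustration.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23          # TLS content type
TLS_1_2 = (3, 3)               # protocol version bytes

def record_mac(key, seq, ctype, version, fragment, digest=hashlib.sha256):
    """TLS 1.0-1.2 record MAC (RFC 5246, 6.2.3.1):
    HMAC(key, seq_num || type || version || length || fragment)."""
    header = struct.pack("!QBBBH", seq, ctype, version[0], version[1], len(fragment))
    return hmac.new(key, header + fragment, digest).digest()

def protect(key, seq, fragment):
    """Sender side: append the MAC to the plaintext fragment (encryption omitted)."""
    return fragment + record_mac(key, seq, APPLICATION_DATA, TLS_1_2, fragment)

def verify(key, expected_seq, protected, mac_len=32):
    """Receiver side: recompute the MAC and compare in constant time,
    the same decision the NSS snippet makes with NSS_SecureMemcmp."""
    if len(protected) < mac_len:
        return False
    fragment, received = protected[:-mac_len], protected[-mac_len:]
    computed = record_mac(key, expected_seq, APPLICATION_DATA, TLS_1_2, fragment)
    return hmac.compare_digest(computed, received)

def demo():
    key = b"\x11" * 32                                          # constructed MAC key
    record = protect(key, 5, b"GET /status HTTP/1.1\r\n\r\n")   # constructed payload
    dropped = record[:10] + record[11:]                # one byte eaten in transit
    flipped = bytes([record[0] ^ 0x01]) + record[1:]   # single bit corrupted
    return {
        "intact": verify(key, 5, record),
        "byte_dropped": verify(key, 5, dropped),
        "bit_flipped": verify(key, 5, flipped),
        # The sequence number is never sent; each side counts records itself,
        # so a lost or duplicated record desynchronises the MAC input.
        "sequence_off_by_one": verify(key, 6, record),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:20s} {'MAC ok' if ok else 'bad MAC (fatal alert)'}")
```

Because the receiver only learns that the two MACs differ, all three faults look identical in the browser.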