HTTP SSL "Incorrect Message Authentication Code" error



17 years ago
2 years ago


(Reporter: sharding, Assigned: ssaux)


1.0 Branch
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)





17 years ago
This is an offshoot from Bug �162752 which concerns incorrect MAC errors in IMAPS.

When going to, I get a
dialog box with the text: " received a message with
incorrect Message Authentication Code. If the error occurs frequently, contact
the website administrator."

The URL loads correctly in IE and wget on the same machine.

This is Mozilla build 2002082909 on Mac OS X 10.2.

Comment 1

17 years ago
Confirmed using FizzillaCFM/2002090508 on 10.1.5. It works fine using
Ever confirmed: true

Comment 2

17 years ago
Confirmed with Moz1.2a (20020910) under Windows using a different server.


17 years ago
Keywords: nsbeta1
OS: MacOS X → All
Priority: -- → P3
Hardware: Macintosh → All
Version: unspecified → 2.4


17 years ago
Blocks: 169277

Comment 3

17 years ago
A workaround is to disable TLS. Edit>Prefs>Privacy>SSL

Comment 4

17 years ago
I get the same on Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1)
Gecko/20020826 on a different server.  It's odd because the server was working
earlier today, and now it's not, and I haven't changed anything on the server or
in Mozilla (though I may have checked 'save this certificate', which is the
standard snakeoil.dom dummy cert apache/modssl creates).

Comment 5

17 years ago
I tried disabling TLSv1 as junruh suggested, but that did not help.  I checked
the ssl_error_log on the server and found this bit of helpful info:

[Wed Sep 18 16:03:51 2002] [error] OpenSSL: error:1408F071:SSL
routines:SSL3_GET_RECORD:bad mac decode [Hint: Browser still remembered details
of a re-created server certificate?]
[Wed Sep 18 16:03:56 2002] [error] mod_ssl: SSL handshake failed (server, client (OpenSSL library error follows)
[Wed Sep 18 16:03:56 2002] [error] OpenSSL: error:1408F071:SSL
routines:SSL3_GET_RECORD:bad mac decode [Hint: Browser still remembered details
of a re-created server certificate?]
[Wed Sep 18 16:18:10 2002] [error] mod_ssl: SSL handshake failed (server, client (OpenSSL library error follows)

As openssl is suggesting, I think this is what's happening, since I'm using the
www.snakeoil.dom certificate - but I'm using different snakeoil.dom certificates
on different sites, as on each server I run "make certificate type=dummy" when
installing apache.  As I said above, this problem only started happening when I
clicked "remember this cert".  I tried to go in and delete the cert, but when I
clicked delete, nothing happened, and it looks like they're stored in a binary
file so I can't manually delete the cert.  Is there another way?  

For the time being I guess I'll just make a different cert for this server.

Comment 6

17 years ago
With the latest nightly build from, you can delete web site 

Comment 7

17 years ago
I also see this at "". Press the green button named "LOGG
INN" on the left frame.

This error appears on 1.2a, but not on 1.1.

Comment 8

17 years ago
The site mentioned above is TLS intolerant - IBM_HTTP_Server/
Apache/1.3.7-dev (Win32). Try disabling TLS.

Comment 9

17 years ago
I managed to get around the certificate problem I mentioned above by deleting
the www.snakeoil.dom certificate.  However, on another server, I get the
"Incorrect Message Authentication Code" error.  I am using Mozilla/5.0 (Windows;
U; Windows NT 5.0; en-US; rv:1.2a) Gecko/20020910.

Following is the portion of the ssl_engine_log from when I try to connect with

[25/Sep/2002 16:19:25 14609] [info]  Connection to child 0 established (server, client
[25/Sep/2002 16:19:25 14609] [info]  Seeding PRNG with 1160 bytes of entropy
[25/Sep/2002 16:19:25 14609] [error] SSL handshake failed (server, client (OpenSSL library error follows)
[25/Sep/2002 16:19:25 14609] [error] OpenSSL:

Following is the section of the log when I connect with IE6:

[25/Sep/2002 16:20:24 14616] [info]  Connection to child 6 established (server, client
[25/Sep/2002 16:20:24 14616] [info]  Seeding PRNG with 1160 bytes of entropy
[25/Sep/2002 16:20:24 14616] [info]  Connection: Client IP:,
Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[25/Sep/2002 16:20:24 14616] [info]  Initial (No.1) HTTPS request received for
child 6 (server
[25/Sep/2002 16:20:24 14616] [info]  Connection to child 6 closed with unclean
shutdown (server, client

Someone above had suggested disabling TLS in Mozilla; I have done that and it
still does not work.  The last time this happened, I uninstalled Mozilla,
deleted the remaining files in the Application Data directory, and reinstalled
and it worked.  I'm going to try phoenix now and see if that works, since I
don't feel like uninstalling and reinstalling Mozilla again.

Comment 10

17 years ago
I should have added that when I connected with IE6, it worked fine.  Also, I
just tried with "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2b)
Gecko/20020923 Phoenix/0.1" and it seems to work fine.

Comment 11

17 years ago
The nightly versions compiled before september seem to work well. A version
dated of 15 august works well. Why did the bug appeared? Maybe analysing chenges
in the source could help...

Comment 12

16 years ago
Sticking with the original bug, marking this a dupe of bug 162752 - TLS 
intolerant server problem.
Evan Hoffman, your problem appears to be a duplicate of bug 169696 and not 
related to TLS intolerance.

*** This bug has been marked as a duplicate of 162752 ***
Last Resolved: 16 years ago
Resolution: --- → DUPLICATE

Comment 13

16 years ago
I tested the patch from bug 163605 will fix this problem.
Depends on: 163605


14 years ago
Component: Security: UI → Security: UI
Product: PSM → Core


11 years ago
Version: psm2.4 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.