stackoom
  简体   繁体   中英

Python Cherrypy DECRYPTION_FAILED_OR_BAD_RECORD_MAC

 原文  2021-11-28 06:39:27       python/ ssl/ cherrypy/ cheroot

Question

Good day, I've an app that is uses Cherrypy to server a simple website. From time to time I get DECRYPTION_FAILED_OR_BAD_RECORD_MAC error. I've never seen an issue my self while testing, this only obvious in logs.

[26/Nov/2021:02:50:39] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
  File "/home/user/app/venv/lib/python3.8/site-packages/cheroot/server.py", line 1810, in serve
    self._connections.run(self.expiration_interval)
  File "/home/user/app/venv/lib/python3.8/site-packages/cheroot/connections.py", line 201, in run
    self._run(expiration_interval)
  File "/home/user/app/venv/lib/python3.8/site-packages/cheroot/connections.py", line 218, in _run
    new_conn = self._from_server_socket(self.server.socket)
  File "/home/user/app/venv/lib/python3.8/site-packages/cheroot/connections.py", line 272, in _from_server_socket
    s, ssl_env = self.server.ssl_adapter.wrap(s)
  File "/home/user/app/venv/lib/python3.8/site-packages/cheroot/ssl/builtin.py", line 277, in wrap
    s = self.context.wrap_socket(
  File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.8/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: DECRYPTION_FAILED_OR_BAD_RECORD_MAC] decryption failed or bad record mac (_ssl.c:1131)

Is there a simple way for Cherrypy to log this as one line error in logs or is there a way to fix it?

1 answers

solution1
 0  2022-05-09 06:28:53

I encountered the same (and also SSLV3_ALERT_BAD_CERTIFICATE). My setup: CherryPy 18.5.0; Python 3.7

I use Self-signed certificate (I think this is the key info for the issue)

Due to the not trusted certificate, browsers indicate that it is not a properly secured connection. Users need to click confirm that they still want to browse the pages. Access attempts from Edge or Chrome do not trigger this CherryPy error. Firefox seems to send something to the server even before it made sure that the request is to go ahead (ie even before confirm).

IMHO, CherryPy should handle the SSL errors (catch the exceptions) and let the users handle them.

Since I cannot control users' browser selection, nor can I catch the SSL exception, my "solution" was to get the users install the self-signed certificate. From that point on, they can browse the pages without warning and no such CherryPy error pops up in the logs anymore.

I know this is a pretty weak solution, but nobody answered, so I thought I'd share this, as it might help someone.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Problem with discord bot on python SSLError: [SSL: DECRYPTION_FAILED_OR_BAD_RECORD_MAC] Qualtrics API, getting "[SSL: DECRYPTION_FAILED_OR_BAD_RECORD_MAC] decryption failed or bad record mac (_ssl.c:2570)" Python SSL error Decryption failed or bad record mac Python: decryption failed or bad record mac when calling from Thread decryption failed or bad record mac in multiprocessing Flask, gunicorn, psycopg2 - OperationalError SSL error: decryption failed or bad record mac Flask and Celery on Heroku: sqlalchemy.exc.DatabaseError: (psycopg2.DatabaseError) SSL error: decryption failed or bad record mac python cipher decryption failed SSL error: bad record mac - Managing multiple connections with PostgreSQL and Python multiprocessing ssl.SSLError: [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM