[Bug 1704585] [NEW] I'm getting error: SSL3_GET_RECORD:decryption failed or bad record mac

[als]

Public bug reported:

I have my own server (where I'm running Apache/2.4.27), and today I
realized that from (Brave and Google Chrome - different computers) I'm
getting from my websites this error;

This site can’t provide a secure connection

mywebsite.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

And the strange thing is that I'm getting this error every fifth click
on my website.

>From my conf file:

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/mywebsite/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/mywebsite/chain.pem
SSLCompression off

from options-ssl-apache.conf;

SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite          EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder     on
SSLCompression          off

I have checked log file from website but nothing, also nothing here;
/var/log/apache2/error.log

I'm trying to figure out what is causing this error, any ideas where can
I find more info or even better, how to solve this problem?

EDIT:

If I try openssl s_client -connect mywebsite.com:443, it will return:

I'm using: OpenSSL 1.1.0f

CONNECTED(00000003)

...

3073276480:error:1408F119:SSL routines:ssl3_get_record:decryption failed
or bad record mac:../ssl/record/ssl3_record.c:469:

apt-cache policy openssl
openssl:
  Installed: 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4
  Candidate: 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4
  Version table:
 *** 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4 0
        500 http://ppa.launchpad.net/ondrej/apache2/ubuntu/ trusty/main i386 Packages
        100 /var/lib/dpkg/status
     1.1.0f-2~ubuntu14.04.1+deb.sury.org+1 0
        500 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main i386 Packages
     1.0.1f-1ubuntu2.22 0
        500 http://si.archive.ubuntu.com/ubuntu/ trusty-updates/main i386 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main i386 Packages
     1.0.1f-1ubuntu2 0
        500 http://si.archive.ubuntu.com/ubuntu/ trusty/main i386 Packages

lsb_release -rd

Description:	Ubuntu 14.04.5 LTS
Release:	14.04


I have tried so many things but no solution yet, so I think this is a possible bug.

Full debate about this issue is here:
https://serverfault.com/questions/859987/im-getting-error-ssl3-get-
recorddecryption-failed-or-bad-record-mac

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: openssl

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1704585

Title:
   I'm getting error: SSL3_GET_RECORD:decryption failed or bad record
  mac

Status in openssl package in Ubuntu:
  New

Bug description:
  I have my own server (where I'm running Apache/2.4.27), and today I
  realized that from (Brave and Google Chrome - different computers) I'm
  getting from my websites this error;

  This site can’t provide a secure connection

  mywebsite.com sent an invalid response.
  ERR_SSL_PROTOCOL_ERROR

  And the strange thing is that I'm getting this error every fifth click
  on my website.

  From my conf file:

  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/mywebsite/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite/privkey.pem
  Include /etc/letsencrypt/options-ssl-apache.conf
  SSLCertificateChainFile /etc/letsencrypt/live/mywebsite/chain.pem
  SSLCompression off

  from options-ssl-apache.conf;

  SSLProtocol             all -SSLv2 -SSLv3
  SSLCipherSuite          EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
  SSLHonorCipherOrder     on
  SSLCompression          off

  I have checked log file from website but nothing, also nothing here;
  /var/log/apache2/error.log

  I'm trying to figure out what is causing this error, any ideas where
  can I find more info or even better, how to solve this problem?

  EDIT:

  If I try openssl s_client -connect mywebsite.com:443, it will return:

  I'm using: OpenSSL 1.1.0f

  CONNECTED(00000003)

  ...

  3073276480:error:1408F119:SSL routines:ssl3_get_record:decryption
  failed or bad record mac:../ssl/record/ssl3_record.c:469:

  apt-cache policy openssl
  openssl:
    Installed: 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4
    Candidate: 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4
    Version table:
   *** 1.1.0f-2~ubuntu14.04.1+deb.sury.org+4 0
          500 http://ppa.launchpad.net/ondrej/apache2/ubuntu/ trusty/main i386 Packages
          100 /var/lib/dpkg/status
       1.1.0f-2~ubuntu14.04.1+deb.sury.org+1 0
          500 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main i386 Packages
       1.0.1f-1ubuntu2.22 0
          500 http://si.archive.ubuntu.com/ubuntu/ trusty-updates/main i386 Packages
          500 http://security.ubuntu.com/ubuntu/ trusty-security/main i386 Packages
       1.0.1f-1ubuntu2 0
          500 http://si.archive.ubuntu.com/ubuntu/ trusty/main i386 Packages

  lsb_release -rd

  Description:	Ubuntu 14.04.5 LTS
  Release:	14.04

  
  I have tried so many things but no solution yet, so I think this is a possible bug.

  Full debate about this issue is here:
  https://serverfault.com/questions/859987/im-getting-error-ssl3-get-
  recorddecryption-failed-or-bad-record-mac

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1704585/+subscriptions