使用TLS 1.1&时出现随机错误1.2关于Ubuntu 16.04。使用浏览器(Chrome和Firefox)和wget等发生错误。安全连接有时会起作用,但大多数情况下它们不起作用。以下是强制TLS 1.2的wget示例:
baris@computer:~$ wget --secure-protocol=TLSv1_2 https://github.com/tiny-dnn/tiny-dnn/archive/v1.0.0a3.tar.gz
--2018-01-25 17:16:46-- https://github.com/tiny-dnn/tiny-dnn/archive/v1.0.0a3.tar.gz
Resolving github.com (github.com)... 192.30.253.113, 192.30.253.112
Connecting to github.com (github.com)|192.30.253.113|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://codeload.github.com/tiny-dnn/tiny-dnn/tar.gz/v1.0.0a3 [following]
--2018-01-25 17:16:46-- https://codeload.github.com/tiny-dnn/tiny-dnn/tar.gz/v1.0.0a3
Resolving codeload.github.com (codeload.github.com)... 192.30.253.121, 192.30.253.120
Connecting to codeload.github.com (codeload.github.com)|192.30.253.121|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12885646 (12M) [application/x-gzip]
Saving to: ‘v1.0.0a3.tar.gz.17’
v1.0.0a3.tar.gz.17 65%[=============================> ] 7.99M 37.9MB/s in 0.2s
2018-01-25 17:16:46 (37.9 MB/s) - Read error at byte 8381776/12885646 (error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac). Retrying.
--2018-01-25 17:16:47-- (try: 2) https://codeload.github.com/tiny-dnn/tiny-dnn/tar.gz/v1.0.0a3
Connecting to codeload.github.com (codeload.github.com)|192.30.253.121|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12885646 (12M) [application/x-gzip]
Saving to: ‘v1.0.0a3.tar.gz.17’
v1.0.0a3.tar.gz.17 100%[==============================================>] 12.29M 50.7MB/s in 0.2s
2018-01-25 17:16:48 (50.7 MB/s) - ‘v1.0.0a3.tar.gz.17’ saved [12885646/12885646]
以下是从CMake下载日志文件中提取的另一个示例:
# Connected to raw.githubusercontent.com (151.101.116.133) port 443 (#0)
# ALPN, offering http/1.1
# Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
# successfully set certificate verify locations:
# CAfile: /etc/ssl/certs/ca-certificates.crt
# CApath: /etc/ssl/certs
# TLSv1.2 (OUT), TLS header, Certificate Status (22):
# [5 bytes data]
# TLSv1.2 (OUT), TLS handshake, Client hello (1):
# [512 bytes data]
# [5 bytes data]
# TLSv1.2 (IN), TLS handshake, Server hello (2):
# [108 bytes data]
# [5 bytes data]
# TLSv1.2 (IN), TLS handshake, Certificate (11):
# [3182 bytes data]
# [5 bytes data]
# TLSv1.2 (IN), TLS handshake, Server key exchange (12):
# [333 bytes data]
# [5 bytes data]
# TLSv1.2 (IN), TLS handshake, Server finished (14):
# [4 bytes data]
# [5 bytes data]
# TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
# [70 bytes data]
# [5 bytes data]
# TLSv1.2 (OUT), TLS change cipher, Client hello (1):
# [1 bytes data]
# [5 bytes data]
# TLSv1.2 (OUT), TLS handshake, Finished (20):
# [16 bytes data]
# [5 bytes data]
# TLSv1.2 (IN), TLS alert, Server hello (2):
# [2 bytes data]
# error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac
# Closing connection 0
#
可能导致这种情况的原因是什么?
编辑:结果发现CPU出现问题(i7-7700K)。从英特尔(https://github.com/intel/soft-crc)运行CRC测试套件,我意识到核心#0上的CRC失败,但它们在其余核心上运行正常。类似地,firefox或chrome在使用taskset实用程序的核心#1,#2,#3上运行良好。
编辑2:有趣的是,在卸下CPU并重新安装后,问题就消失了。现在所有内核都运行良好。也许其中一个引脚没有良好的接触。我第一次看到这样的问题只影响CPU的某种计算类型。