# SSL problems after updating



## FzZzT (Jan 5, 2018)

I recently updated packages on a 11.0 machine, which upgraded Ruby from 2.3.5 to 2.3.6 (I think), and my Puppet install broke. It is logging SSL-related issues with this message:

```
SSL_read: decryption failed or bad record mac
```
I thought maybe it was a problem with outdated OpenSSL so I updated to 11.1-R-p6 a minute ago, but the problem persists. I did reinstall all packages after updating and reboot.

```
$ openssl version;uname -a;freebsd-version
OpenSSL 1.0.2k-freebsd  26 Jan 2017
FreeBSD puppet1-test 11.1-RELEASE-p4 FreeBSD 11.1-RELEASE-p4 #0: Tue Nov 14 06:12:40 UTC 2017     [email]root@amd64-builder.daemonology.net[/email]:/usr/obj/usr/src/sys/GENERIC  amd64
11.1-RELEASE-p6
```
I'm not sure what to do at this point.

I could force it to reinstall Ruby 2.3.5, and lock those packages, which worked on 11.0, but I would rather be able to keep things up to date.

I could try OpenSSL from ports, but is there a way to use that with Puppet from pkg?


----------



## FzZzT (Jan 6, 2018)

This is the magic sauce to fix things:

sudo pkg unlock -y ruby ; sudo pkg remove -y puppet4 ruby ruby24-gems ruby23-gems ; sudo pkg add /var/cache/pkg/ruby-2.3.5,1.txz /var/cache/pkg/ruby23-gems-2.6.14.txz /var/cache/pkg/rubygem-json_pure-2.0.3.txz /var/cache/pkg/rubygem-ruby-augeas-0.5.0_2-27b6631cda.txz /var/cache/pkg/puppet4-4.10.8.txz && sudo pkg lock -y rubygem-json_pure && sudo pkg lock -y puppet4 && sudo pkg lock -y ruby && sudo pkg lock -y ruby23-gems && sudo pkg lock -y rubygem-ruby-augeas

However running updated stuff would be much preferred...


----------



## SirDice (Jan 8, 2018)

FzZzT said:


> I recently updated packages on a 11.0 machine, which upgraded Ruby from 2.3.5 to 2.3.6 (I think), and my Puppet install broke. It is logging SSL-related issues with this message:
> 
> ```
> SSL_read: decryption failed or bad record mac
> ```


Stop using the Puppet WEBrick server.


----------

