Slv3 alert bad record when using galaxy-ng

Get Help
,
1

Hi there, I get a lot of SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546). [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546) errors when updating some ansible galaxy collections.

Didi I do something wrong or are there any known issues? Is there a monitoring where I can see these kind of known issues?

$ ansible-galaxy collection install --requirements-file requirements.yml --upgrade
Starting galaxy collection install process
[WARNING]: Collection prometheus.prometheus does not support Ansible version 2.17.4
Process install dependency map
[WARNING]: Skipping Galaxy server https://galaxy.ansible.com/api/. Got an unexpected error when getting available versions of collection junipernetworks.junos: Unknown error when attempting to call Galaxy at
'https://galaxy.ansible.com/api/v3/collections/junipernetworks/junos/': [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546). [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac
(_ssl.c:2546)
ERROR! Unknown error when attempting to call Galaxy at 'https://galaxy.ansible.com/api/v3/collections/junipernetworks/junos/': [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546). [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546)

$ ansible-galaxy collection install --requirements-file requirements.yml --upgrade
Starting galaxy collection install process
[WARNING]: Collection prometheus.prometheus does not support Ansible version 2.17.4
Process install dependency map
[WARNING]: Skipping Galaxy server https://galaxy.ansible.com/api/. Got an unexpected error when getting available versions of collection community.windows: Unknown error when attempting to call Galaxy at
'https://galaxy.ansible.com/api/v3/collections/community/windows/versions/?limit=100': [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546). [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert
bad record mac (_ssl.c:2546)
ERROR! Unknown error when attempting to call Galaxy at 'https://galaxy.ansible.com/api/v3/collections/community/windows/versions/?limit=100': [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546). [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546)

$ ansible-galaxy collection install --requirements-file requirements.yml --upgrade
Starting galaxy collection install process
[WARNING]: Collection prometheus.prometheus does not support Ansible version 2.17.4
Process install dependency map
[WARNING]: Skipping Galaxy server https://galaxy.ansible.com/api/. Got an unexpected error when getting available versions of collection community.postgresql: Unknown error when attempting to call Galaxy at
'https://galaxy.ansible.com/api/v3/collections/community/postgresql/': [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546). [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac
(_ssl.c:2546)
ERROR! Unknown error when attempting to call Galaxy at 'https://galaxy.ansible.com/api/v3/collections/community/postgresql/': [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546). [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546)

$ ansible-galaxy collection install --requirements-file requirements.yml --upgrade
Starting galaxy collection install process
[WARNING]: Collection prometheus.prometheus does not support Ansible version 2.17.4
Process install dependency map
[WARNING]: Skipping Galaxy server https://galaxy.ansible.com/api/. Got an unexpected error when getting available versions of collection community.library_inventory_filtering_v1: Unknown error when attempting
to call Galaxy at 'https://galaxy.ansible.com/api/v3/collections/community/library_inventory_filtering_v1/': [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546). [SSL:
SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546)
ERROR! Unknown error when attempting to call Galaxy at 'https://galaxy.ansible.com/api/v3/collections/community/library_inventory_filtering_v1/': [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546). [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546)

$ ansible-galaxy collection install --requirements-file requirements.yml --upgrade
Starting galaxy collection install process
[WARNING]: Collection prometheus.prometheus does not support Ansible version 2.17.4
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/inwx-collection-1.3.1.tar.gz to /home/lilian/.ansible/tmp/ansible-local-2937191nk_y6q2/tmpn_e5mfkx/inwx-collection-1.3.1-62pkv8vo
'junipernetworks.junos:2.7.0' is already installed, skipping.
'ansible.posix:1.6.0' is already installed, skipping.
'ansible.netcommon:7.1.0' is already installed, skipping.
'ansible.utils:5.1.2' is already installed, skipping.
Installing 'inwx.collection:1.3.1' to '/home/lilian/.ansible/collections/ansible_collections/inwx/collection'
Downloading https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/community-mysql-3.10.3.tar.gz to /home/lilian/.ansible/tmp/ansible-local-2937191nk_y6q2/tmpn_e5mfkx/community-mysql-3.10.3-g_c2ir8d
inwx.collection:1.3.1 was installed successfully
Installing 'community.mysql:3.10.3' to '/home/lilian/.ansible/collections/ansible_collections/community/mysql'
Downloading https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/community-postgresql-3.6.1.tar.gz to /home/lilian/.ansible/tmp/ansible-local-2937191nk_y6q2/tmpn_e5mfkx/community-postgresql-3.6.1-6ewkgfo8
community.mysql:3.10.3 was installed successfully
Installing 'community.postgresql:3.6.1' to '/home/lilian/.ansible/collections/ansible_collections/community/postgresql'
Downloading https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/community-proxysql-1.6.0.tar.gz to /home/lilian/.ansible/tmp/ansible-local-2937191nk_y6q2/tmpn_e5mfkx/community-proxysql-1.6.0-8s_ms3hs
community.postgresql:3.6.1 was installed successfully
Installing 'community.proxysql:1.6.0' to '/home/lilian/.ansible/collections/ansible_collections/community/proxysql'
Downloading https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/community-general-9.4.0.tar.gz to /home/lilian/.ansible/tmp/ansible-local-2937191nk_y6q2/tmpn_e5mfkx/community-general-9.4.0-9fkeqdbb
community.proxysql:1.6.0 was installed successfully
ERROR! Failed to download collection tar from 'default' due to the following unforeseen error: [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546). [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546)

$ ansible-galaxy collection install --requirements-file requirements.yml --upgrade
Starting galaxy collection install process
[WARNING]: Collection prometheus.prometheus does not support Ansible version 2.17.4
Process install dependency map
[WARNING]: Skipping Galaxy server https://galaxy.ansible.com/api/. Got an unexpected error when getting available versions of collection inwx.collection: Unknown error when attempting to call Galaxy at
'https://galaxy.ansible.com/api/v3/collections/inwx/collection/': [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546). [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac
(_ssl.c:2546)
ERROR! Unknown error when attempting to call Galaxy at 'https://galaxy.ansible.com/api/v3/collections/inwx/collection/': [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546). [SSL: SSLV3_ALERT_BAD_RECORD_MAC] sslv3 alert bad record mac (_ssl.c:2546)
2

Is there anything I could do about it except waiting and praying it gets fixed? :pray:

3

I am not receiving that error from either my home PC or work laptop. I’ve never seen that particular SSL error myself, but throwing it into Google suggests an ISP issue. If you are seeing it only on your corporate network, your security team may have implemented a man-in-the-middle SSL traffic viewer thing like Sophos or zScaler and it’s returning some type of malformed SSL response.

1 Like
4

Hey @mcen1

Thanks for this thought. Next time this is happening I will have a look if it works outside the company net. Currently it is working well without trouble, so it is hard to tell where exactly the problem is.