RHUI CDS Clients failing to update and receiving an error M2Crypto.SSL.SSLError: tlsv1 alert decrypt error

Solution Verified - Updated 2013-12-17T05:14:48+00:00 -

Issue

I had to rebuild the SSL certs for our RHUA infrastructure as well as rebuild the client RPMs for Rhel5 and Rhel6 updates, now when I try to install updates via "yum update" I receive the following errors:

Redhat 5 client :
[root@localhost ~]# yum update
Loaded plugins: rhui-lb, security
Traceback (most recent call last):
  File "/usr/bin/yum", line 29, in ?
    yummain.user_main(sys.argv[1:], exit_code=True)
  File "/usr/share/yum-cli/yummain.py", line 309, in user_main
    errcode = main(args)
  File "/usr/share/yum-cli/yummain.py", line 178, in main
    result, resultmsgs = base.doCommands()
  File "/usr/share/yum-cli/cli.py", line 345, in doCommands
    self._getTs(needTsRemove)
  File "/usr/lib/python2.4/site-packages/yum/depsolve.py", line 101, in _getTs
    self._getTsInfo(remove_only)
  File "/usr/lib/python2.4/site-packages/yum/depsolve.py", line 112, in _getTsInfo
    pkgSack = self.pkgSack
  File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 662, in <lambda>
    pkgSack = property(fget=lambda self: self._getSacks(),
  File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 502, in _getSacks
    self.repos.populateSack(which=repos)
  File "/usr/lib/python2.4/site-packages/yum/repos.py", line 260, in populateSack
    sack.populate(repo, mdtype, callback, cacheonly)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 168, in populate
    if self._check_db_version(repo, mydbtype):
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 226, in _check_db_version
    return repo._check_db_version(mdtype)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1226, in _check_db_version
    repoXML = self.repoXML
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1399, in <lambda>
    repoXML = property(fget=lambda self: self._getRepoXML(),
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1391, in _getRepoXML
    self._loadRepoXML(text=self)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1381, in _loadRepoXML
    return self._groupLoadRepoXML(text, ["primary"])
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1365, in _groupLoadRepoXML
    if self._commonLoadRepoXML(text):
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1201, in _commonLoadRepoXML
    result = self._getFileRepoXML(local, text)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 974, in _getFileRepoXML
    cache=self.http_caching == 'all')
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 811, in _getFile
    http_headers=headers,
  File "/usr/lib/python2.4/site-packages/urlgrabber/mirror.py", line 412, in urlgrab
    return self._mirror_try(func, url, kw)
  File "/usr/lib/python2.4/site-packages/urlgrabber/mirror.py", line 398, in _mirror_try
    return func_ref( *(fullurl,), **kwargs )
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 936, in urlgrab
    return self._retry(opts, retryfunc, url, filename)
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 854, in _retry
    r = apply(func, (opts,) + args, {})
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 922, in retryfunc
    fo = URLGrabberFileObject(url, filename, opts)
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1010, in __init__
    self._do_open()
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1093, in _do_open
    fo, hdr = self._make_request(req, opener)
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1202, in _make_request
    fo = opener.open(req)
  File "/usr/lib/python2.4/urllib2.py", line 358, in open
    response = self._open(req, data)
  File "/usr/lib/python2.4/urllib2.py", line 376, in _open
    '_open', req)
  File "/usr/lib/python2.4/urllib2.py", line 337, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.4/site-packages/M2Crypto/m2urllib2.py", line 83, in https_open
    r = h.getresponse()
  File "/usr/lib/python2.4/httplib.py", line 872, in getresponse
    response.begin()
  File "/usr/lib/python2.4/httplib.py", line 336, in begin
    version, status, reason = self._read_status()
  File "/usr/lib/python2.4/httplib.py", line 294, in _read_status
    line = self.fp.readline()
  File "/usr/lib/python2.4/socket.py", line 325, in readline
    data = recv(1)
  File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/Connection.py", line 217, in read
    return self._read_bio(size)
  File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/Connection.py", line 202, in _read_bio
    return m2.ssl_read(self.ssl, size, self._timeout)
M2Crypto.SSL.SSLError: tlsv1 alert decrypt error

Redhat 6 client :

[root@localhost product]# yum update
Loaded plugins: rhui-lb
https://rhua.cloud.com/pulp/repos///content/dist/rhel/rhui/server/6/6Server/i386/optional/os/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 503"
Trying other mirror.
https://rhua.cloud.com/pulp/repos///content/dist/rhel/rhui/server/6/6Server/i386/optional/os/repodata/repomd.xml: [Errno 14] PYCURL ERROR 56 - "SSL read: errno -12192"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhui-rhel-6-server-rhui-optional-rpms. Please verify its path and try again

I also see the following in the web server logs on the CDS servers :

[Thu Dec 12 15:36:04 2013] [error] [client 10.0.0.0] Certificate Verification: Error (7): certificate signature failure
[Thu Dec 12 15:36:04 2013] [error] [client 10.0.0.0] Re-negotiation handshake failed: Not accepted by client!?
[Thu Dec 12 15:36:16 2013] [error] [client 10.0.0.0] Certificate Verification: Error (7): certificate signature failure
[Thu Dec 12 15:36:16 2013] [error] [client 10.0.0.0] Re-negotiation handshake failed: Not accepted by client!?
[Thu Dec 12 15:43:46 2013] [error] [client 10.0.0.0] Certificate Verification: Error (7): certificate signature failure
[Thu Dec 12 15:43:46 2013] [error] [client 10.0.0.0] Re-negotiation handshake failed: Not accepted by client!?

Any ideas?

Environment

Red Hat Update Infrastructure 2.1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

New to Red Hat?

Learn more about Red Hat subscriptions

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories