SSL_ERROR_INTERNAL_ERROR_ALERT
-
Hey Folks!
I've been getting this error for a while. At first it wasn't a big deal, but now it's getting a bit much. I thought it was just an issue with pfBlockerNG maybe blocking reddit.com, but tonight I can't even get onto Verizon's website. There have been a bunch of other legitimate sites that I've had problems with; I just can't remember them off the top of my head (I recall it also happened with Xfinity for one of their pages). Again, legitimate sites.
I saw some mention of changing "Global Logging/Blocking Mode" from DNSBL webserver/VIP to either no logging or no global mode, but none of that worked.
Any ideas?
Thanks!
-
@jc1976 said in SSL_ERROR_INTERNAL_ERROR_ALERT:
I saw some mention of changing "Global Logging/Blocking Mode" from DNSBL webserver/VIP to either no logging or no global mode, but none of that worked.
Choose one of the "Null Block" options; I advise the (logging) one so you have the stats.
"DNSBL server" is nice on paper, but only works (well) for non-HTTPS requests, that is: old-fashioned HTTP requests. The thing is: these don't exist any more.
Example: You have blacklisted "www.verisign.com" and you try to visit it.
Your browser connects to the IP it got back from pfSense, and the web server at that IP has to send a certificate that says "Hi, I'm the certificate verisign.com".
But that didn't happen.
The IP your browser obtained was : and this web server sends an auto-signed, non-trusted cert that says: "(I'm not verisign)".
Your browser then (should) tells you: something went terribly wrong. And it will NOT (of course not) show you the page.
Browsers love to show messages like
SSL_ERROR_INTERNAL_ERROR_ALERT
because something (someone) tries to break SSL. That's bad.
You should disregard the usage of the DNSBL web server proposed by pfBlockerNG, as it was a good idea in the past, it's unusable these days.
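
The reply above explains the error as a DNS answer pointing at the DNSBL web server, so the DNS answer is the first thing to check when a page fails. This Python example is added here and is not part of the original posts or of pfBlockerNG: the function names are hypothetical, the DNSBL VIP is whatever you configured and is passed in as an argument, and treating 0.0.0.0 / :: as the "Null Block" answer is an assumption.

```python
import ipaddress
import socket
import ssl
import sys


def resolve(host):
    """Addresses the local resolver (here: pfSense) hands out for host."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0].split("%")[0] for info in infos}


def tls_probe(host, ip, timeout=5):
    """Verified handshake against ip with SNI=host; None on success, else error text."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip, 443), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return None
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return str(exc) or type(exc).__name__


def classify(addresses, dnsbl_vip, tls_error=None):
    """Name the cause of a failed page load from the DNS answer and handshake result."""
    parsed = {ipaddress.ip_address(a) for a in addresses}
    if not parsed:
        return "NO_ANSWER"
    if any(a.is_unspecified for a in parsed):  # assumption: Null Block answers 0.0.0.0 / ::
        return "NULL_BLOCKED"
    if ipaddress.ip_address(dnsbl_vip) in parsed:
        return "SINKHOLED_TO_DNSBL_WEBSERVER"  # the cert it serves cannot match the site
    return "TLS_ERROR_NOT_DNSBL" if tls_error else "OK"


def diagnose(host, dnsbl_vip):
    addresses = resolve(host)
    verdict = classify(addresses, dnsbl_vip)
    if verdict != "OK":
        return verdict, None  # blocked in DNS: no point in a handshake
    error = tls_probe(host, sorted(addresses)[0])
    return classify(addresses, dnsbl_vip, error), error


if __name__ == "__main__":
    # usage: python3 dnsbl_check.py <hostname> <DNSBL VIP configured in pfBlockerNG>
    print(*diagnose(sys.argv[1], sys.argv[2]))
```

A `SINKHOLED_TO_DNSBL_WEBSERVER` or `NULL_BLOCKED` verdict means the name is on a DNSBL list, so the browser's TLS error is a symptom of the block rather than a fault at the site.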