Webconfigurator access with IOS Devices broken in latest Snapshots?
-
Hi,
I'm running several pfSense 2.1 beta Snapshops. I was able to access the Webconfigurator via SSL or HTTP using a snapshot from June 20th using iPad or iPhone. Newer Snapshots won't let me in. With SSL it says, it can't setup a secure connection to the server, using HTTP only it just hangs loading and never displays anything.
I compared the the lighthttp confs of the working and the non-working systems but could not find any significant difference. I already tried switching the SSL Cert but as HTTP-only does not work either, there was no luck. After upgrading my working system to the newest snapshot, it sucessfully broke access for IOS, too. ;)
Anyone else having problems with that? -
We did upgrade lighttpd in the last week or so, it's possible something happened there. I can confirm it doesn't work from my iPod Touch either, in Safari or in Opera Mini, but it does work in Chrome on iOS
It does work on Android though, no matter which browser I tried.
Some searching on that exact error message seems to indicate it's fairly common to see on Safari with self-signed certificates.
Perhaps related, in lighttpd's changelog, I see
* ssl: disable client initiated renegotiationsThat happened between the version we were on and now. I'm not sure if that's a knob we can turn or not. In the meantime, install Chome, it's better than Safari anyhow, and it's free in the App store ;-)
-
OK I found the cause, the fix will need some discussion by the devs
http://redmine.pfsense.org/issues/2553
-
As I mentioned on the ticket, I just checked in a fix. Seems Safari on iOS chokes on one specific cipher. Not sure why.
-
Cool, many thanks! Just upgraded to the lastest Snapshot and it works again.
