Netgate Discussion Forum

    Getting 'lighttpd decryption failed' after upgrading to 2.1.3-RELEASE-nanobsd

      ttblum

      Hello,

      I have a CARP master and slave that I am trying to upgrade to the latest version of pfSense from version 2.0.3.  My slave is an Alix 2d13 router with HiFn 7955 card installed, my master is a Dell R200.

      After upgrading the slave to version 2.1.3, I am not able to log in to the WebGUI.  I am getting:

      
      Jun  8 21:37:43 pf-slave lighttpd[17653]: (connections.c.305) SSL: 1 error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac 
      
      

      Does anyone know what this could be?

        ttblum

        I'm able to log in OK with Firefox 26, and also OK with IE 8 256bit.  The problem only happens when I try to log in with an IE 8 browser with 128 bit encryption.

        Firefox shows that 2.1 is using: 'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC-SHA', so old 128 bit browsers are probably no longer compatible.

          jimp Rebel Alliance Developer Netgate

          "decryption failed or bad record mac" can also be caused by the Hifn card and certain combinations of ciphers. See https://redmine.pfsense.org/issues/3125

            kpa

            Please don't call 128-bit encryption capable browsers old, that's very far from the truth. I cannot even think of a cipher that uses 128-bit keys for the symmetric encryption and is required by SSL/TLS that is now considered unsecure.

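Added example, not part of any post in this thread: a small triage script for lighttpd SSL errors like the one quoted in the first post. It decodes the packed error code and tallies errors by the OpenSSL function that raised them, which separates record-layer failures (SSL3_GET_RECORD) from cipher negotiation failures. It assumes the OpenSSL 0.9.8/1.0.x code layout (8-bit library, 12-bit function, 12-bit reason; OpenSSL 3.x packs codes differently), and every sample line except the first is constructed.

```python
import re
from collections import Counter

# First line is the entry quoted in the thread; the remaining lines are constructed.
SAMPLE_LOG = """\
Jun  8 21:37:43 pf-slave lighttpd[17653]: (connections.c.305) SSL: 1 error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac 
Jun  8 21:38:02 pf-slave lighttpd[17653]: (connections.c.305) SSL: 1 error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Jun  8 21:40:11 pf-slave lighttpd[17653]: (connections.c.305) SSL: 1 error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Jun  8 21:41:00 pf-slave lighttpd[17653]: (server.c.1546) server started
"""

# lighttpd logs OpenSSL's error string as error:<hex code>:<library>:<function>:<reason>
LINE_RE = re.compile(
    r"lighttpd\[\d+\]: \(\S+\) SSL: \d+ "
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>.*?)\s*$"
)

def unpack(code_hex):
    """Split a packed OpenSSL 0.9.8/1.0.x error code into (lib, func, reason)."""
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF

def parse_line(line):
    """Return a dict for a lighttpd SSL error line, or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    lib, func, reason = unpack(m.group("code"))
    return {"lib": lib, "func": func, "reason": reason,
            "func_name": m.group("func"), "reason_text": m.group("reason")}

def summarize(text):
    """Count SSL errors per (raising function, reason text)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(rec["func_name"], rec["reason_text"])] += 1
    return counts

if __name__ == "__main__":
    for (func, reason), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {func}: {reason}")
```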
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.