2.3.2 unable to update, SSL Authentication error
-
On Version 2.3.2 update is not possible on WebGui or Console.
Console Update throws an SSL Authentication error:

>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
34401135112:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
34401135112:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error
repository pfSense-core has no meta file, using default settings
34401135112:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
34401135112:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
34401135112:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
34401135112:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error
repository pfSense has no meta file, using default settings
34401135112:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
34401135112:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error
Unable to update repository pfSense
*** Welcome to pfSense 2.3.2-RELEASE (amd64 full-install) on pfsense ***

Is there any solution to this problem?
-
That would be coming from an upstream proxy, not the firewall itself.
-
There is no Upstream Proxy.
Any other idea?
-
So why not check to see what you're getting back..
openssl s_client -connect pkg.pfsense.org:443
[2.3.2-RELEASE][root@pfsense.local.lan]/root: openssl s_client -connect pkg.pfsense.org:443
CONNECTED(00000004)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.pfsense.org
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.pfsense.org
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
subject=/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.pfsense.org
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 4991 bytes and written 417 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 8775FC02DD4BB31FF7BC9A171FCE8DDFBBBB8F0AA62FD4C781DCD147A3BAA3E5
    Session-ID-ctx:
    Master-Key: 8F011056B08AD2149D95D70FC51B2995D34C2C0862460213D10160CDC193B1021D27F62260EFF0400FBC4382F26C6E81
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 600 (seconds)
    Start Time: 1481290886
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---
^C
[2.3.2-RELEASE][root@pfsense.local.lan]/root:
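
An added example, not part of the thread: OpenSSL reports "unknown protocol" from SSL23_GET_SERVER_HELLO when the first bytes of the reply are not a recognisable SSL/TLS hello or alert, so this sketch sends a minimal ClientHello over plain TCP and labels what comes back. The function names and the sample replies are constructed for illustration.

```python
import os
import socket

def classify_reply(first: bytes) -> str:
    """Label the first bytes a server returned on a port that should speak TLS."""
    if len(first) >= 6 and first[1] == 0x03 and first[2] <= 0x04:
        if first[0] == 0x16 and first[5] == 0x02:   # handshake record, ServerHello
            return "tls-server-hello"
        if first[0] == 0x15:                        # alert record
            return "tls-alert"
    if first.startswith(b"HTTP/"):
        return "plaintext-http"   # something answered in clear text on the TLS port
    if not first:
        return "no-data"
    return "not-tls"

def client_hello() -> bytes:
    """Minimal TLS 1.2 ClientHello (one cipher suite, no extensions)."""
    body = (b"\x03\x03" + os.urandom(32)   # client_version, random
            + b"\x00"                      # empty session id
            + b"\x00\x02\xc0\x30"          # ECDHE-RSA-AES256-GCM-SHA384
            + b"\x01\x00")                 # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the ClientHello over plain TCP and classify what comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello())
        return classify_reply(sock.recv(16))

# Constructed sample replies (not captured from the thread's network).
SAMPLES = {
    "server hello": bytes.fromhex("160303005d0200005903035f"),
    "fatal alert": bytes.fromhex("15030300020228"),
    "proxy block page": b"HTTP/1.1 403 Forbidden\r\n",
    "closed early": b"",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:18} -> {classify_reply(data)}")
```

Calling `probe("pkg.pfsense.org")` from a host on the same network path as the firewall shows whether the reply on port 443 is TLS at all; a `plaintext-http` or `not-tls` result points at something in the path answering in place of the package server.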