2.3.2 unable to update, SSL Authentication error



  • On Version 2.3.2 update is not possible on WebGui or Console.
    Console Update throws an SSL Authentication error

    >>> Updating repositories metadata...
    Updating pfSense-core repository catalogue...
    34401135112:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
    34401135112:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error
    repository pfSense-core has no meta file, using default settings
    34401135112:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
    34401135112:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error
    Unable to update repository pfSense-core
    Updating pfSense repository catalogue...
    34401135112:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
    34401135112:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error
    repository pfSense has no meta file, using default settings
    34401135112:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
    34401135112:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error
    Unable to update repository pfSense
    *** Welcome to pfSense 2.3.2-RELEASE (amd64 full-install) on pfsense ***
    

    Is there any solution to this problem?


  • Rebel Alliance Developer Netgate

    That would be coming from an upstream proxy, not the firewall itself.



  • There is no Upstream Proxy.
    Any other Idea?


  • LAYER 8 Global Moderator

    So why not check to see what your getting back..

    openssl s_client -connect pkg.pfsense.org:443

    
    [2.3.2-RELEASE][root@pfsense.local.lan]/root: openssl s_client -connect pkg.pfsense.org:443
    CONNECTED(00000004)
    depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
    verify return:1
    depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
    verify return:1
    depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
    verify return:1
    depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.pfsense.org
    verify return:1
    ---
    Certificate chain
     0 s:/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.pfsense.org
       i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
     1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
       i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
     2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
       i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIFTjCCBDagAwIBAgIQG1r/78gt1gbpG+qPmcKZxzANBgkqhkiG9w0BAQsFADCB
    kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
    A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
    BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
    QTAeFw0xNTA4MTcwMDAwMDBaFw0xODA4MjIyMzU5NTlaMFoxITAfBgNVBAsTGERv
    bWFpbiBDb250cm9sIFZhbGlkYXRlZDEdMBsGA1UECxMUUG9zaXRpdmVTU0wgV2ls
    ZGNhcmQxFjAUBgNVBAMMDSoucGZzZW5zZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUA
    A4IBDwAwggEKAoIBAQDIzOkrFy7AHTUWqJdIF2IvDtTM8X3RTb8O52QG8sAokDCv
    u+ad3wgPCboJhUvLwDB9bUZ+/JIOV2tMNzcJ2h6IPRRfh/2RMV+aI3cdWgKxmB5d
    sZUZp22Tviwol145Ty5lEVkRFLVn6y5MLgj2Pju4q5hEUPBjoiMpufeyHM/NnWf0
    IWtuDFB+VlaApXnnpxhMejChdBQeAdUV6QZcHvQiVXn+EnQaj4l+kwwxaS+GwLA6
    TVC988yood/FG3yMu7RLgS6a9CeJ8f4SpGifg0JouTU5iR02MQwLyUhESQcl9yQ/
    ANERGLM7+giyJvAD9jpj/ErnZINgBmu+RpzK4NDbAgMBAAGjggHXMIIB0zAfBgNV
    HSMEGDAWgBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQU3bK8mIZpBTqH
    JyRIxOK5ArpV220wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0l
    BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGyMQEC
    AgcwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMw
    CAYGZ4EMAQIBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2RvY2Eu
    Y29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmww
    gYUGCCsGAQUFBwEBBHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21vZG9j
    YS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNy
    dDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMCUGA1UdEQQe
    MByCDSoucGZzZW5zZS5vcmeCC3Bmc2Vuc2Uub3JnMA0GCSqGSIb3DQEBCwUAA4IB
    AQAhtYwrG8qpDDN3R+BkuRfULnzy3DB7MbzSukmtLo3QNrimOfuWepUKqa6Vabm6
    JrIGle0ehemGp3S6jWAS54FZnViobgaiQ4qYqXlNaCT73qHNSIGDszQBov6oHNo1
    aa+s+7e4hN5+fXnX9uscZ+afFfKHS8j4kg21pNEg5r3lIZg4flc5DtDhxeSor/0b
    9jx8D4yus/py2xnM9jy8z1C8EXpQPR+5PvMTpfEVJTgX4y+6P+9t5TEc+hgioGZQ
    GfFDnI0On9A0BYfpjnRKs8o2Y+7OEmSoAA3/fe8vOBaTLpGn5HGZJOj8QPmgud49
    oML3RbMw4y2L6ONLMpNFupVa
    -----END CERTIFICATE-----
    subject=/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.pfsense.org
    issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 4991 bytes and written 417 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES256-GCM-SHA384
        Session-ID: 8775FC02DD4BB31FF7BC9A171FCE8DDFBBBB8F0AA62FD4C781DCD147A3BAA3E5
        Session-ID-ctx:
        Master-Key: 8F011056B08AD2149D95D70FC51B2995D34C2C0862460213D10160CDC193B1021D27F62260EFF0400FBC4382F26C6E81
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 600 (seconds)
        TLS session ticket:
        0000 - 1b 45 d4 93 df 02 3b 62-99 3b 45 b4 da 55 94 27   .E....;b.;E..U.'
        0010 - d1 ba 02 64 ea aa 8f a3-74 4c 2f 79 21 80 18 9e   ...d....tL/y!...
        0020 - ba 2c 32 48 db c0 a1 2c-29 de 64 6c 7f b3 cc 33   .,2H...,).dl...3
        0030 - d8 32 db fc 6f f2 d0 83-bc 56 0c fe d8 f2 20 75   .2..o....V.... u
        0040 - d1 9b 2f 11 ab d5 91 b3-8f 9d 5d 6d 4d bb b9 93   ../.......]mM...
        0050 - cb 1f 6f 49 0b 85 0a 15-ff 37 fb 3a 20 20 38 8a   ..oI.....7.:  8.
        0060 - 50 b5 2d cf 29 e8 cc ad-39 b9 64 d2 7e f5 71 e9   P.-.)...9.d.~.q.
        0070 - 1c d3 71 c9 97 f8 b1 93-50 20 0c 7c 17 28 7f b3   ..q.....P .|.(..
        0080 - 5c a0 73 7b 48 10 35 23-78 0b d1 93 5c 9a 73 27   \.s{H.5#x...\.s'
        0090 - 3f 08 f8 55 e8 9e 99 9f-f4 c3 89 59 e3 62 d8 0a   ?..U.......Y.b..
        00a0 - e5 14 7c 8f 04 9b eb eb-81 9d 8d 10 67 9d 3c 29   ..|.........g.<)
    
        Start Time: 1481290886
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---
    ^C
    [2.3.2-RELEASE][root@pfsense.local.lan]/root:
    
    

Log in to reply