Netgate Discussion Forum

Web GUI SSL error ERR_SSL_VERSION_OR_CIPHER_MISMATCH

  • P
    philled
    last edited by Dec 2, 2018, 8:38 AM

    I tried to log into my web GUI today but got "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" in Chrome. Firefox and Edge had the same problem.

    So then I updated pfSense to version 2.4.4, but still had the same problem.

    So I reset the LAN settings through the console which asked me if I wanted to use HTTP for the web configurator and I said yes.

    But now when I try to log in over HTTP I can see a message on the console saying "Successful login" but the pages don't come up - I'm stuck on the login page.

    So how can I either:
    a) Get the web GUI working over HTTP, or...
    b) Revert to using HTTPS and resolve the SSL issues that Chrome doesn't like?

    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Dec 3, 2018, 3:02 PM

      Switching from HTTPS to HTTP means you'll probably need to clear your cookies and cache in the browser, or use incognito mode, since your browser probably thinks it must use HTTPS thanks to HSTS and the flags in the cookies.

      We've had a couple similar reports of that error but nobody has definitively proved it was anything on the firewall doing it. In one case, a user moved the GUI to another port and it was fine with identical settings.

      Do you have any packages installed/active or port forwards that might be trying to use port 443 on your firewall and sending the traffic to another process or server?

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • P
        philled @jimp
        last edited by Dec 3, 2018, 7:41 PM

        @jimp said in Web GUI SSL error ERR_SSL_VERSION_OR_CIPHER_MISMATCH:

        Switching from HTTPS to HTTP means you'll probably need to clear your cookies and cache in the browser, or use incognito mode, since your browser probably thinks it must use HTTPS thanks to HSTS and the flags in the cookies.

        Thanks for the tip - by opening an incognito tab I can now log in and access the web UI over HTTP. That will keep me going until I can sort out the underlying SSL issue.
        Thanks!

        • R
          Rich Taylor-Worth @jimp
          last edited by Dec 7, 2018, 11:39 PM

          @jimp

          Does the web server in pfsense use SSL 2 still? Microsoft now only supports SSL3 and TLS1.0 through 1.2.

          This is my suspicion since I am having the same problem on Microsoft machines but not on Linux or Macs where I am allowed to override the SSL ERROR NO CYPHER OVERLAP. Of course on my internal network I can use HTTP but I would prefer not to for very long. It is also convenient to be able to access PFSENSE from Windows 10. Just a thought. Thanks for looking into this.

          • G
            Grimson Banned
            last edited by Dec 8, 2018, 1:11 AM

            https://forum.netgate.com/topic/137390/ssl_error_no_cypher_overlap-when-trying-to-connect-to-webgui

            • J
              jimp Rebel Alliance Developer Netgate
              last edited by Dec 10, 2018, 9:50 PM

              The GUI does not support SSL2, or even SSL3 or TLS 1.0.

                  ssl_protocols TLSv1.1 TLSv1.2;
                  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

              Though it's possible you have something else local, like an Anti-Virus package, interfering.

              • R
                Rich Taylor-Worth
                last edited by Dec 11, 2018, 12:03 AM

                Thanks so much. Good to know. Excuse my ignorance but I cannot completely reconcile your description of the ssl ciphers supported with Microsoft’s descriptions of their supported ciphers at release 1809 of Windows 10 at this url: https://docs.microsoft.com/en-us/windows/desktop/secauthn/tls-cipher-suites-in-windows-10-v1809

                Would you mind glancing at their list and confirming an overlap? Perhaps then I might force a group policy to allow me to use https on windows 10.

                Again thanks for your time or anyone’s time on this issue. I will continue to investigate locally.

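The overlap asked about above can be checked locally instead of by eye. This is an added example, not part of the thread and not pfSense or Netgate code: it expands the `ssl_ciphers` string quoted earlier with Python's `ssl` module and intersects it, by IANA code point, with a constructed sample of suites a Windows 10 client offers. `CLIENT_OFFER` and the function names are assumptions made for the illustration, and the expansion reflects the local OpenSSL build.

```python
import ssl

# From the post above: the cipher string configured for the GUI's web server.
GUI_CIPHERS = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"

# Constructed sample (not copied from the Microsoft page): IANA code points
# and names of a few suites a Windows 10 Schannel client offers.
CLIENT_OFFER = {
    0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}


def expand_cipher_string(cipher_string):
    """Return {IANA code point: OpenSSL name} for an OpenSSL cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    suites = {}
    for c in ctx.get_ciphers():
        # OpenSSL always lists its TLS 1.3 suites; the quoted config only
        # enables TLSv1.1 and TLSv1.2, so they are left out here.
        if c["protocol"] == "TLSv1.3":
            continue
        # The low 16 bits of OpenSSL's cipher id are the IANA code point.
        suites[c["id"] & 0xFFFF] = c["name"]
    return suites


def overlap(cipher_string, client_offer):
    """Suites both ends support, as (IANA name, OpenSSL name) pairs."""
    server = expand_cipher_string(cipher_string)
    return sorted(
        (name, server[code])
        for code, name in client_offer.items()
        if code in server
    )


if __name__ == "__main__":
    for iana_name, openssl_name in overlap(GUI_CIPHERS, CLIENT_OFFER):
        print(f"{iana_name}  <->  {openssl_name}")
```

A non-empty result means client and server share suites, so a cipher-mismatch error on such a client points at something sitting between the browser and the firewall.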
                • R
                  Rich Taylor-Worth
                  last edited by Dec 11, 2018, 1:31 AM

                  Mea Culpa. Laptops loaded with BITDEFENDER 2019 are using encrypted web scan protection even when an exception is loaded for PFSENSE firewall which is triggering the error. Turning off encrypted web scan under online web protection allows the correct self-signed security error under the browsers which may be overridden.

                  Thanks for all. Off I go to Bitdefender to ask them to truly honor added exceptions. Sigh.
