SSL issues with the web interface?



  • Page loading often fails when I try to access the pfsense machine from the LAN (still just playing around, so I'm not sure how things would look if I tried WAN access.)
    This is regardless if I try access with Safari or with Camino browsers. The failure always seems to be SSL related, e.g. Camino throws this error message

    Secure Connection Failed
            An error occurred during a connection to 123.45.67.89.

    SSL received a record with an incorrect Message Authentication Code.

    (Error code: ssl_error_bad_mac_read)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

    * Please contact the web site owners to inform them of this problem.


  • Rebel Alliance Developer Netgate

    Which snapshot are you running? There have been some issues with openssl in snapshots from the past week or so, but I haven't seen any problems with the GUI myself. I don't use a Mac though.



  • Sorry to resurrect an old thread, but I've been having this issue, on my test firewall, for at least 3 months, now.  It's quite annoying, as it pops up fairly often, but not always.  I've tried various clients, mostly Firefox 3.6.x, on Linux, Mac, and Windows.  I've also tried Safari, on Mac, for client diversity.

    The machine is a VIA Eden 1200mHz, using VIA Padlock hardware crypto.  It's running x86 code, of course, currently on 2.0-BETA4, Tue Aug 10 02:57:56 EDT 2010 release.  I've had this problem, on this machine, at least back to 2.0-BETA2.  I don't, unfortunately have any sort of trace, though.  I'd certainly be willing to collect info, though, if anyone has a suggestion on where to look.

    I do have the following from /var/log/lighttp.error.log: (there are many repetitions of these)

    cat lighttpd.error.log

    2010-08-20 18:09:57: (connections.c.1698) SSL (error): 5 -1 22 Unknown error: 0
    2010-08-31 19:53:28: (connections.c.1698) SSL (error): 5 -1 32 Broken pipe

    These are not very specific, I know.

    Thanks!


Log in to reply