Captive Portal https login page stopped working on pfsense 2.1

  • Hello all.

    We've been using pfsense for a while and it always did its job perfectly.
    Basically we have a pfsense captive portal to authenticate students from our school. Until one week ago we had no problems with pfsense 2.0.1, but we believe that someone has exploited some lighttpd vulnerabilities (CVE-2011-4362 and CVE-2012-5533) and that fact made us install a new machine with the latest pfsense available (2.1).

    Well… now we have new problems...
    Sometimes the captive portal service stops working and we can see two messages in the logs:
    lighttpd[26290]: (mod_fastcgi.c.3370) got a FDEVENT_OUT and didn't know why: 5
    kernel: pid 26290 (lighttpd), uid 0: exited on signal 6 (core dumped)

    The only way to get the captive portal working again is to restart its service. We installed a watchdog package to do it for us. For now it is giving us time to have lunch, take a shower and try to have a normal life… :D
    We intend to open a new discussion to talk about this problem.

    The issue that we have not been able to solve yet is related to the HTTPS certificate that we used to have on version 2.0.1. On version 2.0.1, users were authenticated on an HTTPS captive portal, but now, if we enable that option, students are not redirected to the login page.
    We get this message in the system log every time a student tries to access any site:
    lighttpd[35647]: (connections.c.1731) SSL: 1 -1 error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

    It would be great if some of you guys could help us.

    Thank you all.

