Getting 'lighttpd decryption failed' after upgrading to 2.1.3-RELEASE-nanobsd
I have a CARP master and slave that I am trying to upgrade to the latest version of pfSense from version 2.0.3. My slave is an Alix 2d13 router with HiFn 7955 card installed, my master is a Dell R200.
After upgrading the slave to version 2.1.3, I am not able to log in to the WebGUI. I am getting:
Jun 8 21:37:43 pf-slave lighttpd: (connections.c.305) SSL: 1 error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Does anyone know what this could be?
I'm able to log in OK with Firefox 26, and also OK with IE 8 256bit. The problem only happens when I try log in with an IE 8 browser with 128 bit encryption.
Firefox shows that 2.1 is using is: 'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC-SHA', so old 128 bit browsers are probably no longer compatible.
"decryption failed or bad record mac" can also be caused by the Hifn card and certain combinations of ciphers. See https://redmine.pfsense.org/issues/3125
Please don't call 128-bit encryption capable browsers old, that's very far from the truth. I can not even think of a cipher that uses 128-bit keys for the symmectric encryption and is required by SSL/TLS that is now considered unsecure.