Getting 'lighttpd decryption failed' after upgrading to 2.1.3-RELEASE-nanobsd



  • Hello,

    I have a CARP master and slave that I am trying to upgrade to the latest version of pfSense from version 2.0.3.  My slave is an Alix 2d13 router with HiFn 7955 card installed, my master is a Dell R200.

    After upgrading the slave to version 2.1.3, I am not able to log in to the WebGUI.  I am getting:

    
    Jun  8 21:37:43 pf-slave lighttpd[17653]: (connections.c.305) SSL: 1 error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac 
    
    

    Does anyone know what this could be?



  • I'm able to log in OK with Firefox 26, and also OK with IE 8 256bit.  The problem only happens when I try log in with an IE 8 browser with 128 bit encryption.

    Firefox shows that 2.1 is using is: 'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC-SHA', so old 128 bit browsers are probably no longer compatible.


  • Rebel Alliance Developer Netgate

    "decryption failed or bad record mac" can also be caused by the Hifn card and certain combinations of ciphers. See https://redmine.pfsense.org/issues/3125



  • Please don't call 128-bit encryption capable browsers old, that's very far from the truth. I can not even think of a cipher that uses 128-bit keys for the symmectric encryption and is required by SSL/TLS that is now considered unsecure.


Log in to reply