Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Getting 'lighttpd decryption failed' after upgrading to 2.1.3-RELEASE-nanobsd

    webGUI
    3
    4
    796
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      ttblum last edited by

      Hello,

      I have a CARP master and slave that I am trying to upgrade to the latest version of pfSense from version 2.0.3.  My slave is an Alix 2d13 router with HiFn 7955 card installed, my master is a Dell R200.

      After upgrading the slave to version 2.1.3, I am not able to log in to the WebGUI.  I am getting:

      
      Jun  8 21:37:43 pf-slave lighttpd[17653]: (connections.c.305) SSL: 1 error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac 
      
      

      Does anyone know what this could be?

      1 Reply Last reply Reply Quote 0
      • T
        ttblum last edited by

        I'm able to log in OK with Firefox 26, and also OK with IE 8 256bit.  The problem only happens when I try log in with an IE 8 browser with 128 bit encryption.

        Firefox shows that 2.1 is using is: 'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC-SHA', so old 128 bit browsers are probably no longer compatible.

        1 Reply Last reply Reply Quote 0
        • jimp
          jimp Rebel Alliance Developer Netgate last edited by

          "decryption failed or bad record mac" can also be caused by the Hifn card and certain combinations of ciphers. See https://redmine.pfsense.org/issues/3125

          1 Reply Last reply Reply Quote 0
          • K
            kpa last edited by

            Please don't call 128-bit encryption capable browsers old, that's very far from the truth. I can not even think of a cipher that uses 128-bit keys for the symmectric encryption and is required by SSL/TLS that is now considered unsecure.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense Plus
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy