SSL23_GET_CLIENT_HELLO:unknown protocol



  • Hi,

After enabling HTTPS login and importing the SSL certificate (which I purchased from DigiCert) in the CP, everything is working fine.
    I see the HTTPS landing page etc.

    But I am getting lots of "SSL23_GET_CLIENT_HELLO:unknown protocol" entries in the system log.

    Please help: how do I ignore or fix them?



  • Hi,

Looking up "SSL23_GET_CLIENT_HELLO" on this forum will somewhat explain what it is.

    To me it's something like an HTTPS connection hammering on an HTTP endpoint (your portal login page) - or the other way around.

    What I know is that when I launch a connection (my iDevice to my Wifi portal network), there are no such messages.
    A "clean" Windows-driven PC with Wifi doesn't produce these messages either.

    Some "Smart Devices", however, think they have a direct connection to the net when the Wifi (= Ethernet connection) comes up - they are NOT "portal" minded. They HTTPS right out and, of course, are intercepted by the portal interface (HTTP or HTTPS) because the user should authenticate first.

    As you should know, intercepting HTTPS is considered a man-in-the-middle attack, and the client device (our Smart Device) doesn't like it; neither does our web server, which is our portal web server in this case. The log file is flooded with these messages.

    Things get really noisy in the logs when it concerns a stupid app like (for example) Facebook on our Smart Device: the device finds a Wifi connection, and the Wifi comes up (our portal network); an IP connection is made to our pfSense box - any other requests elsewhere are firewalled. The app sees that a (private network) IP is available, that a router is announcing itself, and starts hammering HTTPS connections out, because it has been at least 30 minutes since your FB was updated with the latest experiences in your life. Your page followers have completely lost track of you ….. [hmm, I'm losing track here :P]
    Anyway, the app can't pass through; the only way through is that the device owner starts a web browser and authenticates first. Only then does the connection become transparent, and the FB app can continue doing its work.

    My "conclusion": these are requests from apps on Wifi devices attached to our portal network that are failing because they are NEITHER portal minded NOR authenticated.

    Read also this: https://forum.pfsense.org/index.php?topic=59411.msg319338#msg319338 - or any other message about the subject (I found a couple of hundred of them; the subject isn't really a recent issue).

    edit: Also, I thought that these messages would disappear if I activated the HTTPS authentication with a real, valid cert (from startssl.com).
    I was wrong; it looks like I receive even more of these "SSL23_GET_CLIENT_HELLO" (and others).
    Again: don't worry - I've seen these for years now.


  • LAYER 8 Netgate

It is infeasible to successfully captive-portal HTTPS connections unless you control all your prospective client devices and can pre-install trusted root certificates. It is better to just drop TCP/443 traffic until the portal session has been negotiated via TCP/80.
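The two replies above describe the same mechanism from two sides: unauthenticated devices push TLS ClientHellos at the portal, a TLS listener that receives something other than a ClientHello reports it as "unknown protocol", and the sane policy is to drop TCP/443 until the client has authenticated over TCP/80. The Python below is an added illustration of both points, written for this thread; it is not pfSense, lighttpd or OpenSSL code. It does the same first-bytes check an OpenSSL 1.0.x server performs in its SSL23 accept path (plaintext `GET`/`POST`/`HEAD`/`PUT` is reported as "http request", anything else that is not a ClientHello as "unknown protocol"), pulls the SNI out of a real ClientHello so you can see which host an unauthenticated app is trying to reach, and applies the drop/redirect/pass policy from the Netgate reply. The sample inputs (a plaintext GET, a constructed ClientHello for `graph.facebook.com`, and a few junk bytes) are built inline; the host name is assumed for the demonstration.

```python
import struct

# Added example for this thread; not pfSense, lighttpd or OpenSSL code.
# Models the first-bytes check OpenSSL 1.0.x does in ssl23_get_client_hello
# and the "drop TCP/443 until authenticated" policy from the Netgate reply.

TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01   # handshake message type: ClientHello
SNI_EXT = 0x0000          # extension type: server_name
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")  # the prefixes OpenSSL 1.0.x tests


def classify(first_bytes):
    """Return 'tls', 'http' or 'unknown' for the opening bytes of a TCP stream."""
    b = first_bytes
    if len(b) >= 6 and b[0] == TLS_HANDSHAKE and b[1] == 0x03 and b[5] == TLS_CLIENT_HELLO:
        return "tls"                      # TLS record wrapping a ClientHello
    if len(b) >= 3 and b[0] & 0x80 and b[2] == TLS_CLIENT_HELLO:
        return "tls"                      # SSLv2-compatible ClientHello header
    if b.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def listener_error(first_bytes):
    """What a TLS listener's OpenSSL 1.0.x accept path reports for these bytes:
    None (handshake continues), 'http request', or 'unknown protocol' (the
    string in the log line this thread is about)."""
    kind = classify(first_bytes)
    if kind == "tls":
        return None
    return "http request" if kind == "http" else "unknown protocol"


def build_client_hello(server_name):
    """Construct a minimal TLS 1.2 ClientHello carrying an SNI extension.
    Constructed sample input: the shape of a phone app's first packet."""
    name = server_name.encode("ascii")
    sni_list = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", SNI_EXT, len(sni_list)) + sni_list
    body = (b"\x03\x03" + b"\x00" * 32              # client_version, random
            + b"\x00"                                # session_id length 0
            + struct.pack("!H", 2) + b"\xc0\x2f"     # one cipher suite
            + b"\x01\x00"                            # one compression method: null
            + struct.pack("!H", len(ext)) + ext)     # extensions block
    handshake = bytes([TLS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the server_name from a TLS ClientHello record, or None."""
    if classify(record) != "tls" or record[0] != TLS_HANDSHAKE:
        return None
    p = 5 + 4                                        # record header + handshake header
    p += 2 + 32                                      # client_version + random
    p += 1 + record[p]                               # session_id
    cs_len = struct.unpack("!H", record[p:p + 2])[0]
    p += 2 + cs_len                                  # cipher_suites
    p += 1 + record[p]                               # compression_methods
    if p + 2 > len(record):
        return None                                  # no extensions block
    ext_total = struct.unpack("!H", record[p:p + 2])[0]
    p += 2
    end = p + ext_total
    while p + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", record[p:p + 4])
        p += 4
        if ext_type == SNI_EXT:
            # server_name_list: list_len(2) name_type(1) name_len(2) name
            name_len = struct.unpack("!H", record[p + 3:p + 5])[0]
            return record[p + 5:p + 5 + name_len].decode("ascii")
        p += ext_len
    return None


def portal_action(first_bytes, authenticated):
    """Policy from the Netgate reply: pass once authenticated; redirect
    plaintext HTTP to the portal page; drop TLS instead of answering it with a
    certificate the client will (rightly) reject as a man in the middle."""
    if authenticated:
        return "pass"
    return "redirect-to-portal" if classify(first_bytes) == "http" else "drop"


if __name__ == "__main__":
    samples = {                                      # constructed inputs
        "browser":   b"GET / HTTP/1.1\r\nHost: example\r\n\r\n",
        "phone app": build_client_hello("graph.facebook.com"),
        "junk":      b"\x00\x01\x02junk",
    }
    for label, data in samples.items():
        print(f"{label:10s} kind={classify(data):8s} sni={extract_sni(data)!s:20s} "
              f"tls-listener-error={listener_error(data)!s:16s} "
              f"unauth-action={portal_action(data, False)}")
```

Run it as a script to see the three cases side by side: the browser's plaintext request is what the portal can redirect, the app's ClientHello is what should be dropped (it carries an SNI you can log instead of a handshake error), and only bytes that are neither produce the "unknown protocol" text. The same `classify`/`extract_sni` pair can be pointed at the first packet of any captured 443 flow from the portal network to find out which apps are doing the hammering.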

