Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Lighthttpd errors littering log files

    General pfSense Questions
    6
    7
    1716
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      krankykoder last edited by

      Good morning all!

      2.2-RELEASE  (amd64)

      I have a fresh install of 2.2 and my system log is full of these errors. As I understand it, it's not much to be concerned about, but haven't seen anyone post about it.

      Feb 17 05:28:00 lighttpd[26143]: (connections.c.305) SSL: 1 error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
      Feb 17 05:12:34 lighttpd[26143]: (connections.c.305) SSL: 1 error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
      Feb 17 04:57:07 lighttpd[26143]: (connections.c.305) SSL: 1 error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

      A) is it truly nothing to be concerned about?
      B) if I should be concerned, what do I need to do to correct the problem?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • R
        rclough last edited by

        I send all of my pfSense logs to Splunk and on the 10th of February I was getting an average of about about 2 million of these type of messages per hour for about 10 hours. The log rate peaked at about 3 million log entries in one hour. I am still looking into why this event occurred but I have not seen any messages like this since the 10th.

        Here is what my log messages looked like:

        Feb 10 23:37:45 10.1.1.2 Feb 10 23:37:45 lighttpd[24763]: (connections.c.305) SSL: 1 error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
        Feb 10 23:37:33 10.1.1.2 Feb 10 23:37:33 lighttpd[24763]: (connections.c.137) (warning) close: 17 Connection reset by peer

        Unfortunately, I did not see it in time to record packets.
        I will post again if I can find any causes. I am still working on trying to correlate events.

        The attachment is a screenshot of my Splunk web interface showing the event distribution by hour and some of the log messages.


        1 Reply Last reply Reply Quote 0
        • K
          krankykoder last edited by

          Poking around a bit I did find this setting for logging. (image attached)

          It won't stop the error but should stop it from polluting the logs.


          1 Reply Last reply Reply Quote 0
          • A
            AMizil last edited by

            Hello,

            Are you still getting the same error  ? I have the same error on 2.2.2 amd64 version.

            Regards,
            Adrian

            1 Reply Last reply Reply Quote 0
            • F
              fibrewire last edited by

              I get this same message, anyone want to help me troubleshoot this? the firewall traffic stops but I can still operate from the console, however selecting option 5 (reboot) does not succeed.

              I'm on pfsense 2.2.5-RELEASE  (i386) nanobsd (2g)

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned last edited by

                @rclough:

                I was getting an average of about about 2 million of these type of messages per hour for about 10 hours. The log rate peaked at about 3 million log entries in one hour.

                Perhaps time to stop exposing your firewall GUI to internet?  ::) ::) ::)

                1 Reply Last reply Reply Quote 0
                • C
                  cmb last edited by

                  @doktornotor:

                  Perhaps time to stop exposing your firewall GUI to internet?  ::) ::) ::)

                  Indeed.

                  The logs in question are often from a monitoring system that just tries to connect to the TCP port. Or in the case of leaving it open to the Internet, who knows what kind of crap from random scanners.

                  @fibrewire:

                  I get this same message, anyone want to help me troubleshoot this? the firewall traffic stops but I can still operate from the console, however selecting option 5 (reboot) does not succeed.

                  Highly unlikely this log has anything to do with that log. Start a new thread with specifics - can you hit the LAN IP at all, get to Internet from the console?

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post

                  Products

                  • Platform Overview
                  • TNSR
                  • pfSense
                  • Appliances

                  Services

                  • Training
                  • Professional Services

                  Support

                  • Subscription Plans
                  • Contact Support
                  • Product Lifecycle
                  • Documentation

                  News

                  • Media Coverage
                  • Press
                  • Events

                  Resources

                  • Blog
                  • FAQ
                  • Find a Partner
                  • Resource Library
                  • Security Information

                  Company

                  • About Us
                  • Careers
                  • Partners
                  • Contact Us
                  • Legal
                  Our Mission

                  We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                  Subscribe to our Newsletter

                  Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                  © 2021 Rubicon Communications, LLC | Privacy Policy