
    Lighttpd errors littering log files

      krankykoder

      Good morning all!

      2.2-RELEASE  (amd64)

      I have a fresh install of 2.2 and my system log is full of these errors. As I understand it, it's not much to be concerned about, but haven't seen anyone post about it.

      Feb 17 05:28:00 lighttpd[26143]: (connections.c.305) SSL: 1 error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
      Feb 17 05:12:34 lighttpd[26143]: (connections.c.305) SSL: 1 error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
      Feb 17 04:57:07 lighttpd[26143]: (connections.c.305) SSL: 1 error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

      A) is it truly nothing to be concerned about?
      B) if I should be concerned, what do I need to do to correct the problem?

      Thanks!

        rclough

        I send all of my pfSense logs to Splunk and on the 10th of February I was getting an average of about 2 million of these types of messages per hour for about 10 hours. The log rate peaked at about 3 million log entries in one hour. I am still looking into why this event occurred but I have not seen any messages like this since the 10th.

        Here is what my log messages looked like:

        Feb 10 23:37:45 10.1.1.2 Feb 10 23:37:45 lighttpd[24763]: (connections.c.305) SSL: 1 error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
        Feb 10 23:37:33 10.1.1.2 Feb 10 23:37:33 lighttpd[24763]: (connections.c.137) (warning) close: 17 Connection reset by peer

        Unfortunately, I did not see it in time to record packets.
        I will post again if I can find any causes. I am still working on trying to correlate events.

        The attachment is a screenshot of my Splunk web interface showing the event distribution by hour and some of the log messages.

        Screenshot-3.png

          krankykoder

          Poking around a bit I did find this setting for logging. (image attached)

          It won't stop the error but should stop it from polluting the logs.

          log_settings.PNG

            AMizil

            Hello,

            Are you still getting the same error? I have the same error on 2.2.2 amd64 version.

            Regards,
            Adrian

              fibrewire

              I get this same message, anyone want to help me troubleshoot this? The firewall traffic stops but I can still operate from the console, however selecting option 5 (reboot) does not succeed.

              I'm on pfSense 2.2.5-RELEASE (i386) nanobsd (2g)

                doktornotor Banned

                @rclough:

                I was getting an average of about 2 million of these types of messages per hour for about 10 hours. The log rate peaked at about 3 million log entries in one hour.

                Perhaps time to stop exposing your firewall GUI to internet?  ::) ::) ::)

                  cmb

                  @doktornotor:

                  Perhaps time to stop exposing your firewall GUI to internet?  ::) ::) ::)

                  Indeed.

                  The logs in question are often from a monitoring system that just tries to connect to the TCP port. Or in the case of leaving it open to the Internet, who knows what kind of crap from random scanners.

                  @fibrewire:

                  I get this same message, anyone want to help me troubleshoot this? The firewall traffic stops but I can still operate from the console, however selecting option 5 (reboot) does not succeed.

                  Highly unlikely this log has anything to do with that log. Start a new thread with specifics - can you hit the LAN IP at all, get to Internet from the console?

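Added example, not written by any poster in this thread: a small triage script for the lighttpd SSL handshake errors quoted above. It groups them by reason and separates fixed-interval arrivals (what a monitoring probe produces) from flood-like volume. The year, the 1000-per-hour burst threshold and the 5% jitter tolerance are assumptions, and the burst lines are constructed in the forwarded format shown in the thread.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev

ASSUMED_YEAR = 2015  # assumption: syslog timestamps carry no year
# search() skips the extra "timestamp host" prefix a remote syslog collector prepends
LINE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) lighttpd\[\d+\]: "
    r"\(connections\.c\.\d+\) SSL: \d+ error:(?P<code>[0-9A-F]{8}):"
    r"SSL routines:\w+:(?P<reason>.+)$")

def parse(line):
    """Return (timestamp, OpenSSL error code, reason), or None for other lines."""
    m = LINE.search(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["code"], m["reason"]

def summarize(lines, burst_per_hour=1000):
    """Per reason: total count, busiest hour, and a rough arrival pattern."""
    per_hour, stamps = Counter(), defaultdict(list)
    for ts, _code, reason in filter(None, map(parse, lines)):
        per_hour[(reason, ts.replace(minute=0, second=0))] += 1
        stamps[reason].append(ts)
    report = {}
    for reason, seen in stamps.items():
        seen.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(seen, seen[1:])]
        peak = max(n for (r, _h), n in per_hour.items() if r == reason)
        if peak >= burst_per_hour:
            kind = "burst"      # flood-like volume, as in the Splunk report above
        elif len(gaps) >= 2 and pstdev(gaps) <= 0.05 * mean(gaps):
            kind = "periodic"   # fixed interval, consistent with a monitoring probe
        else:
            kind = "sporadic"
        report[reason] = {"count": len(seen), "peak_per_hour": peak, "kind": kind}
    return report

TAIL = "lighttpd[26143]: (connections.c.305) SSL: 1 error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher"
FROM_THREAD = [f"Feb 17 {t} {TAIL}" for t in ("05:28:00", "05:12:34", "04:57:07")]
# Constructed sample: 1200 errors within 20 minutes, in the forwarded format
CONSTRUCTED = [
    f"Feb 10 23:{i // 60:02d}:{i % 60:02d} 10.1.1.2 Feb 10 23:{i // 60:02d}:{i % 60:02d} "
    "lighttpd[24763]: (connections.c.305) SSL: 1 error:1408A10B:"
    "SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number" for i in range(1200)]
IGNORED = ["Feb 10 23:37:33 10.1.1.2 Feb 10 23:37:33 lighttpd[24763]: (connections.c.137) (warning) close: 17 Connection reset by peer"]

if __name__ == "__main__":
    for reason, stats in summarize(FROM_THREAD + CONSTRUCTED + IGNORED).items():
        print(reason, stats)
```

These lighttpd lines carry no client address, so identifying the source means correlating the flagged hours with firewall logs for the GUI port.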