Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 63 replies
  • Subscribers 1 subscriber
  • Views 62911 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL Filtering Stops Working

tscott_16
I have a PC-based gateway with SSL web filtering enabled and everything works fine for a few days and then suddenly it stops working. I'm still able to surf the web just fine but anything HTTPS just passes right through without the filter ever even seeing it. I can reboot the gateway and SSL filtering works again. Any idea what's causing it to stop without warning?


This thread was automatically locked due to age.
Parents
  • 0
    For people who are (or until recently were) experiencing the incorrect CA, can you please run this:
    zgrep cadata /var/log/up2date/2014/*/* | grep patch

    Specifically you are looking for a line like:
    /var/log/up2date/2014/02/up2date-2014-02-20.log.gz:2014:02:20-18:00:08 van-asg-02 auisys[8792]: Installing up2date package file '/var/up2date//cadata/u2d-cadata-9.52-53.patch.tgz.gpg'

    This patch from Feb 20 should have resolved this.
  • 0 in reply to Michael Dunn
    I get no output from this command and my system produces ssl errors requiring a reboot more than once per day.


    [FONT=monospace]2014:03:23-12:54:51  wahine httpproxy[5479]: id="0003" severity="info" sys="SecureWeb"  sub="http" request="0xe8cd320" function="ssl_log_errors" file="ssl.c"  line="86" message="C 10.1.2.11: 4073585520:error:14094418:SSL  routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert  number 48" [/FONT]
    [FONT=monospace]
    2014:03:23-12:54:51  wahine httpproxy[5479]: id="0003" severity="info" sys="SecureWeb"  sub="http" request="0xe8cd320" function="ssl_log_errors" file="ssl.c"  line="86" message="C 10.1.2.11: 4073585520:error:140940E5:SSL  routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:989:" [/FONT]

    Rebooting restores functionality of ssl-based web connections (eg. https web sites).

    Reviewing the patches, here is a list of all patches made to the system since installation:

    up2date-2014-03-21.log.gz:2014:03:21-19:01:59 wahine auisys[16114]: Installing up2date package file '/var/up2date//aptp/u2d-aptp-9.787.tgz.gpg'
    up2date-2014-03-21.log.gz:2014:03:21-19:02:18 wahine auisys[16114]: Installing up2date package file '/var/up2date//geoip/u2d-geoip-7.82.tgz.gpg'
    up2date-2014-03-21.log.gz:2014:03:21-19:02:34 wahine auisys[16114]: Installing up2date package file '/var/up2date//ipsbundle/u2d-ipsbundle-9.124.tgz.gpg'
    up2date-2014-03-21.log.gz:2014:03:21-19:02:53 wahine auisys[16114]: Installing up2date package file '/var/up2date//avira3/u2d-avira3-9.5641.tgz.gpg'
    up2date-2014-03-21.log.gz:2014:03:21-19:03:37 wahine auisys[16114]: Installing up2date package file '/var/up2date//savi/u2d-savi-9.4669.tgz.gpg'
    up2date-2014-03-21.log.gz:2014:03:21-23:28:22 wahine auisys[13621]: Installing up2date package file '/var/up2date//aptp/u2d-aptp-9.788.tgz.gpg'
    up2date-2014-03-21.log.gz:2014:03:21-23:28:55 wahine auisys[13621]: Installing up2date package file '/var/up2date//savi/u2d-savi-9.4669-4670.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-04:05:36 wahine auisys[12250]: Installing up2date package file '/var/up2date//savi/u2d-savi-9.4670-4671.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-05:05:30 wahine auisys[15352]: Installing up2date package file '/var/up2date//avira3/u2d-avira3-9.5641-5642.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-05:20:34 wahine auisys[16163]: Installing up2date package file '/var/up2date//avira3/u2d-avira3-9.5642-5643.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-05:35:21 wahine auisys[16939]: Installing up2date package file '/var/up2date//aptp/u2d-aptp-9.789.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-05:50:38 wahine auisys[17924]: Installing up2date package file '/var/up2date//avira3/u2d-avira3-9.5643-5644.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-08:35:31 wahine auisys[26284]: Installing up2date package file '/var/up2date//avira3/u2d-avira3-9.5644-5645.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-09:05:29 wahine auisys[27839]: Installing up2date package file '/var/up2date//avira3/u2d-avira3-9.5645-5646.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-10:05:19 wahine auisys[30880]: Installing up2date package file '/var/up2date//geoipxtipv6/u2d-geoipxtipv6-9.34.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-10:20:45 wahine auisys[31698]: Installing up2date package file '/var/up2date//savi/u2d-savi-9.4671-4672.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-11:35:25 wahine auisys[3479]: Installing up2date package file '/var/up2date//aptp/u2d-aptp-9.790.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-15:05:46 wahine auisys[15548]: Installing up2date package file '/var/up2date//savi/u2d-savi-9.4672-4673.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-17:55:30 wahine auisys[7111]: Installing up2date package file '/var/up2date//aptp/u2d-aptp-9.791.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-20:25:47 wahine auisys[24882]: Installing up2date package file '/var/up2date//savi/u2d-savi-9.4673-4674.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-21:25:50 wahine auisys[32671]: Installing up2date package file '/var/up2date//savi/u2d-savi-9.4674-4675.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-23:40:17 wahine auisys[16320]: Installing up2date package file '/var/up2date//aptp/u2d-aptp-9.792.tgz.gpg'




    It seens that UTMs will remain broken if one installed after the patch referred to above was released ('/var/up2date//cadata/u2d-cadata-9.52-53.patch.tgz.gpg').  That would elevate the severity of the problem, I assume.
Reply
  • 0 in reply to Michael Dunn
    I get no output from this command and my system produces ssl errors requiring a reboot more than once per day.


    [FONT=monospace]2014:03:23-12:54:51  wahine httpproxy[5479]: id="0003" severity="info" sys="SecureWeb"  sub="http" request="0xe8cd320" function="ssl_log_errors" file="ssl.c"  line="86" message="C 10.1.2.11: 4073585520:error:14094418:SSL  routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert  number 48" [/FONT]
    [FONT=monospace]
    2014:03:23-12:54:51  wahine httpproxy[5479]: id="0003" severity="info" sys="SecureWeb"  sub="http" request="0xe8cd320" function="ssl_log_errors" file="ssl.c"  line="86" message="C 10.1.2.11: 4073585520:error:140940E5:SSL  routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:989:" [/FONT]

    Rebooting restores functionality of ssl-based web connections (eg. https web sites).

    Reviewing the patches, here is a list of all patches made to the system since installation:

    up2date-2014-03-21.log.gz:2014:03:21-19:01:59 wahine auisys[16114]: Installing up2date package file '/var/up2date//aptp/u2d-aptp-9.787.tgz.gpg'
    up2date-2014-03-21.log.gz:2014:03:21-19:02:18 wahine auisys[16114]: Installing up2date package file '/var/up2date//geoip/u2d-geoip-7.82.tgz.gpg'
    up2date-2014-03-21.log.gz:2014:03:21-19:02:34 wahine auisys[16114]: Installing up2date package file '/var/up2date//ipsbundle/u2d-ipsbundle-9.124.tgz.gpg'
    up2date-2014-03-21.log.gz:2014:03:21-19:02:53 wahine auisys[16114]: Installing up2date package file '/var/up2date//avira3/u2d-avira3-9.5641.tgz.gpg'
    up2date-2014-03-21.log.gz:2014:03:21-19:03:37 wahine auisys[16114]: Installing up2date package file '/var/up2date//savi/u2d-savi-9.4669.tgz.gpg'
    up2date-2014-03-21.log.gz:2014:03:21-23:28:22 wahine auisys[13621]: Installing up2date package file '/var/up2date//aptp/u2d-aptp-9.788.tgz.gpg'
    up2date-2014-03-21.log.gz:2014:03:21-23:28:55 wahine auisys[13621]: Installing up2date package file '/var/up2date//savi/u2d-savi-9.4669-4670.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-04:05:36 wahine auisys[12250]: Installing up2date package file '/var/up2date//savi/u2d-savi-9.4670-4671.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-05:05:30 wahine auisys[15352]: Installing up2date package file '/var/up2date//avira3/u2d-avira3-9.5641-5642.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-05:20:34 wahine auisys[16163]: Installing up2date package file '/var/up2date//avira3/u2d-avira3-9.5642-5643.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-05:35:21 wahine auisys[16939]: Installing up2date package file '/var/up2date//aptp/u2d-aptp-9.789.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-05:50:38 wahine auisys[17924]: Installing up2date package file '/var/up2date//avira3/u2d-avira3-9.5643-5644.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-08:35:31 wahine auisys[26284]: Installing up2date package file '/var/up2date//avira3/u2d-avira3-9.5644-5645.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-09:05:29 wahine auisys[27839]: Installing up2date package file '/var/up2date//avira3/u2d-avira3-9.5645-5646.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-10:05:19 wahine auisys[30880]: Installing up2date package file '/var/up2date//geoipxtipv6/u2d-geoipxtipv6-9.34.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-10:20:45 wahine auisys[31698]: Installing up2date package file '/var/up2date//savi/u2d-savi-9.4671-4672.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-11:35:25 wahine auisys[3479]: Installing up2date package file '/var/up2date//aptp/u2d-aptp-9.790.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-15:05:46 wahine auisys[15548]: Installing up2date package file '/var/up2date//savi/u2d-savi-9.4672-4673.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-17:55:30 wahine auisys[7111]: Installing up2date package file '/var/up2date//aptp/u2d-aptp-9.791.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-20:25:47 wahine auisys[24882]: Installing up2date package file '/var/up2date//savi/u2d-savi-9.4673-4674.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-21:25:50 wahine auisys[32671]: Installing up2date package file '/var/up2date//savi/u2d-savi-9.4674-4675.patch.tgz.gpg'
    up2date-2014-03-22.log:2014:03:22-23:40:17 wahine auisys[16320]: Installing up2date package file '/var/up2date//aptp/u2d-aptp-9.792.tgz.gpg'




    It seens that UTMs will remain broken if one installed after the patch referred to above was released ('/var/up2date//cadata/u2d-cadata-9.52-53.patch.tgz.gpg').  That would elevate the severity of the problem, I assume.
Children
No Data