Captive Portal: No Splash Page Under iOS #8300

Closed
2 tasks done
aque opened this issue Feb 8, 2025 · 6 comments
Labels: cleanup Low impact changes

Comments

aque (Contributor) commented Feb 8, 2025

Describe the bug

Captive portal under 25.1 does not display the splash page for iOS devices. This was tested with an iPhone running iOS 18.3 and it worked on version 24.7.12. tcpdump shows that iOS connects with TLSv1.2 which is disabled. OPNsense responds with Alert (Level: Fatal, Description: Protocol Version) to the TLS Client Hello.

Manually testing with TLSv1.3, the connection succeeds:

$ curl --tlsv1.3 --tls-max 1.3 --head https://gw.domain.tld:8000/index.html?redirurl=google.com
HTTP/2 200 
content-type: text/html
last-modified: Fri, 07 Feb 2025 02:59:37 GMT
content-length: 14113
cache-control: max-age=21600
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
date: Sat, 08 Feb 2025 18:54:24 GMT
server: OPNsense

The same connection fails with TLSv1.2:

$ curl --verbose --tlsv1.2 --tls-max 1.2 --head https://gw.domain.tld:8000/index.html?redirurl=google.com
*   Trying 192.168.16.1:8000...
* Connected to gw.domain.tld (192.168.16.1) port 8000 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.2 (IN), TLS alert, protocol version (582):
* OpenSSL/3.0.15: error:0A00042E:SSL routines::tlsv1 alert protocol version
* Closing connection 0
curl: (35) OpenSSL/3.0.15: error:0A00042E:SSL routines::tlsv1 alert protocol version

To Reproduce

Steps to reproduce the behavior:

  1. Connect an iPhone to a wireless network behind a captive portal.

Expected behavior

A splash page pops up upon joining the wireless network.

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 25.1-amd64
Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
igb network driver
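The curl output above shows OpenSSL reporting the server's alert as "protocol version (582)". As an added example (not part of the issue, and not the reporter's capture), the script below decodes TLS plaintext records of the kind tcpdump would show for this exchange: a ClientHello and the server's fatal alert. The record bytes are constructed to match the report, and 582 is simply the alert level (2, fatal) and description (70, protocol_version) packed into one number.

```python
"""Decode TLS records like the ones in the failing handshake above.

Added example, not part of the issue: the record bytes below are constructed
to match what the report describes (a ClientHello answered by a fatal
"protocol version" alert); they are not the reporter's tcpdump capture.
"""
import struct

# Record content types and the version/alert code points used below
# (TLS 1.2, RFC 5246; alert description 70 is the same in TLS 1.3).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
            0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {40: "handshake_failure", 70: "protocol_version",
                      80: "internal_error"}


def parse_record(data: bytes) -> dict:
    """Parse one plaintext TLS record and describe its payload."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("record body shorter than declared length")
    info = {"type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
            "record_version": VERSIONS.get(version, hex(version))}
    if ctype == 21 and length == 2:
        level, desc = body[0], body[1]
        info["level"] = ALERT_LEVELS.get(level, str(level))
        info["description"] = ALERT_DESCRIPTIONS.get(desc, str(desc))
        # OpenSSL (and therefore curl) reports an alert as level*256+desc,
        # which is where the "(582)" in the curl output comes from.
        info["openssl_code"] = (level << 8) | desc
    elif ctype == 22 and len(body) >= 6 and body[0] == 1:
        # ClientHello: msg type (1) + length (3) + client_version (2) + ...
        # A TLS 1.3 client still sends 0x0303 here and advertises 1.3 in the
        # supported_versions extension, so this field alone is not conclusive.
        (client_version,) = struct.unpack("!H", body[4:6])
        info["handshake"] = "client_hello"
        info["client_version"] = VERSIONS.get(client_version, hex(client_version))
    return info


def build_client_hello(client_version: int = 0x0303) -> bytes:
    """Build a minimal, constructed ClientHello record (no extensions)."""
    hello = (struct.pack("!H", client_version)
             + b"\x00" * 32              # client random (constructed, zeros)
             + b"\x00"                   # session id length 0
             + b"\x00\x02\xc0\x2f"       # one suite: ECDHE-RSA-AES128-GCM-SHA256
             + b"\x01\x00")              # one compression method: null
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Constructed: the server's answer as described in the report
# (alert record, TLS 1.2 record version, level fatal=2, protocol_version=70).
SERVER_ALERT = b"\x15\x03\x03\x00\x02\x02\x46"

if __name__ == "__main__":
    for rec in (build_client_hello(), SERVER_ALERT):
        print(parse_record(rec))
```

Feeding the two constructed records through parse_record gives a TLS 1.2 ClientHello followed by a fatal protocol_version alert with OpenSSL code 582, which is exactly the shape of the failure in the curl transcript.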

@aque aque changed the title Captive Portal: No Splash Page Uner iOS Captive Portal: No Splash Page Under iOS Feb 8, 2025
@AdSchellevis AdSchellevis added the support Community support label Feb 9, 2025
AdSchellevis (Member) commented:

could be caused by:

ssl.cipher-list = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"

The cipher-list option was deprecated (https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL), maybe in recent versions it has side effects (assuming you did not configure anything in "System: Trust: Settings").

Can you try to remove that line and restart captive portal? If that fixes your problem, it might be better if we stick to platform defaults in which case we can ditch cipher-list too.

aque (Contributor, Author) commented Feb 9, 2025

All items under "System: Trust: Settings" are unchecked. I found the following under lighttpd Cipher Selection:

# DEFAULT: As of Jan 2025 with lighttpd 1.4.77:
#
# STRONGEST: As of Sep 2020, for use w/ modern clients only; not compat w/ older clients
#ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.3",
#                            "Options" => "-ServerPreference")

ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2") is strongly recommended (and "TLSv1.3" if supported by clients) (note: prefer lighttpd defaults)

I kept ssl.cipher-list but added ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2") based on that recommendation. This change fixed the issue.

aque (Contributor, Author) commented Feb 9, 2025

I forgot to add that this works as well. It may be the one to use since this is closest to their defaults.

ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2",
                            "Options" => "-ServerPreference")

@AdSchellevis AdSchellevis self-assigned this Feb 9, 2025
@AdSchellevis AdSchellevis added cleanup Low impact changes and removed support Community support labels Feb 9, 2025
@fichtner fichtner added this to the 25.7 milestone Feb 9, 2025
fichtner (Member) commented Feb 9, 2025

Thanks for debugging. For context: 25.1 ships with lighttpd 1.4.77 and they indeed changed the default MinProtocol as described. https://www.lighttpd.net/2025/1/10/1.4.77/

aque (Contributor, Author) commented Feb 9, 2025

For some reason, this only affects iOS wireless joins. Launching Safari and manually going to http://captive.apple.com correctly displays the captive portal page. So Safari itself supports TLSv1.3 but wifi joins are locked to TLSv1.2.

AdSchellevis (Member) commented:

maybe we should just use the same defaults as the webgui in this case, I'll push a commit to change to that:

ssl.openssl.ssl-conf-cmd = (
"MinProtocol" => "TLSv1.2",
"Options" => "-ServerPreference",
"CipherString" => "EECDH+AESGCM:AES256+EECDH:CHACHA20:!SHA1:!SHA256:!SHA384"
)
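The thread moves through three configuration states: the deprecated ssl.cipher-list line alone, that line plus an explicit MinProtocol, and the webgui-style ssl-conf-cmd block above. As an added example (not OPNsense or lighttpd code), the lint below parses those directives out of a lighttpd config snippet and reports whether the minimum TLS version is pinned explicitly, which is the check that would have flagged the 25.1 configuration before the lighttpd 1.4.77 default change bit. The three snippets are constructed from the thread, with the long cipher list abbreviated.

```python
"""Lint the lighttpd TLS settings discussed in this issue.

Added example, not OPNsense or lighttpd code: it parses the
ssl.openssl.ssl-conf-cmd and ssl.cipher-list directives out of a config
snippet and reports whether MinProtocol is pinned explicitly.
The snippets at the bottom are constructed from the three states in the
thread (cipher-list only, cipher-list plus MinProtocol, webgui-style).
"""
import re

CONF_CMD_RE = re.compile(r'ssl\.openssl\.ssl-conf-cmd\s*=\s*\((.*?)\)', re.S)
PAIR_RE = re.compile(r'"([^"]+)"\s*=>\s*"([^"]*)"')
CIPHER_LIST_RE = re.compile(r'^\s*ssl\.cipher-list\s*=', re.M)


def strip_comments(conf: str) -> str:
    """Drop '#' comment lines so commented-out directives are not picked up."""
    return "\n".join(line for line in conf.splitlines()
                     if not line.lstrip().startswith("#"))


def parse_ssl_conf_cmd(conf: str) -> dict:
    """Return the key => value pairs of the first active ssl-conf-cmd block."""
    match = CONF_CMD_RE.search(strip_comments(conf))
    if not match:
        return {}
    return dict(PAIR_RE.findall(match.group(1)))


def lint_tls_config(conf: str) -> dict:
    """Report the pinned MinProtocol (None if inherited) and any findings."""
    active = strip_comments(conf)
    opts = parse_ssl_conf_cmd(active)
    findings = []
    min_proto = opts.get("MinProtocol")
    if min_proto is None:
        findings.append("MinProtocol not pinned: the floor is whatever this "
                        "lighttpd build defaults to, which changed in 1.4.77")
    elif min_proto == "TLSv1.3":
        findings.append("MinProtocol TLSv1.3: clients that only offer TLS 1.2 "
                        "(the iOS join probe in this report) get a "
                        "protocol_version alert")
    if CIPHER_LIST_RE.search(active):
        findings.append("ssl.cipher-list is deprecated; use CipherString "
                        "inside ssl-conf-cmd instead")
    return {"min_protocol": min_proto, "options": opts, "findings": findings}


# Constructed snippets; the cipher-list value is abbreviated from the issue.
CONF_25_1 = '''
ssl.cipher-list = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:!aNULL:!MD5"
'''

CONF_PINNED = '''
# STRONGEST: As of Sep 2020, for use w/ modern clients only
#ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.3",
#                            "Options" => "-ServerPreference")
ssl.cipher-list = "ECDHE-RSA-AES128-GCM-SHA256:!aNULL:!MD5"
ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2")
'''

CONF_WEBGUI = '''
ssl.openssl.ssl-conf-cmd = (
"MinProtocol" => "TLSv1.2",
"Options" => "-ServerPreference",
"CipherString" => "EECDH+AESGCM:AES256+EECDH:CHACHA20:!SHA1:!SHA256:!SHA384"
)
'''

if __name__ == "__main__":
    for name, conf in (("25.1", CONF_25_1), ("pinned", CONF_PINNED),
                       ("webgui", CONF_WEBGUI)):
        print(name, lint_tls_config(conf))
```

The comment stripping matters: the lighttpd documentation block the reporter quoted contains a commented-out "MinProtocol" => "TLSv1.3" line, and a naive grep would report it as active. Only the webgui-style snippet comes back with no findings.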
