NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
This workaround eliminates the redirection of http://nas-name-or-ip/admin to https://nas-name-or-ip/admin for NAS running 4.1.x firmware. It does require ssh to install.
Entering https://nas-na...
bekzclz11 wrote:
The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error typically happens on older operating systems or browsers.
Not true. It's happening with current Chrome/Edge/Firefox on any OS. Probably current Safari also, but I haven't checked that.
Older browsers might give cert errors, but not this particular error. This is about browsers dropping support for TLS 1.0/1.1, and requiring TLS 1.2. It has nothing to do with certs. It's because the older ReadyNAS don't have TLS 1.2.
StephenB- I think with any version of Firefox (I'm using latest to date 109.0 on a Mac) you can go to about:config and search for security.tls.version.min and change it to 1. Then you can get to FrontView on older ReadyNAS without needing specific versions of Firefox.
givememynamebak wrote:
I think with any version of Firefox (I'm using latest to date 109.0 on a Mac) you can go to about:config and search for security.tls.version.min and change it to 1. Then you can get to FrontView on older ReadyNAS without needing specific versions of Firefox.
That certainly is simpler than downloading an old version. Thx for sharing.
The only concern with that is that if FireFox is your standard browser, then you'd also be allowing SSL 1.0 for external sites, which is not a good idea. With a separate version (which now could be a later one that previously suggested, however) that you are careful to only use for ReadyNAS access, you can more easily avoid that possibility.
I frankly don't understand why the browser publishers are so unaware of this problem and don't allow you to select SSL 1.0 for a specific address or range of addresses, maybe even including an easy selection of all local-only address ranges and/or limiting selection to those ranges. ReadyNAS is not the only older device with this issue.
Sandshark wrote:
The only concern with that is that if FireFox is your standard browser, then you'd also be allowing SSL 1.0 for external sites, which is not a good idea.
Yes that is the risk. Personally I prefer the patch to allow normal http connections for Frontview (and not allowing internet connections to the legacy NAS).
StephenB- FWIW: Also in Firefox, you can also change security.tls.hello_downgrade_check to false to get rid of the TLS Security Warning where you have to click accept to proceed. I use Firefox on my home network and Chrome for everything else.
Also in windows 11, you can search for "Turn windows feature on or off" and check "SMB 1.0/CIFS File Sharing Support" to discover the network shares.
Thankfully they leave these as options for us!
givememynamebak wrote:StephenB- FWIW: Also in Firefox, you can also change security.tls.hello_downgrade_check to false to get rid of the TLS Security Warning where you have to click accept to proceed. I use Firefox on my home network and Chrome for everything else.
But, that does make the exception for all cases, which is probably a bad idea for external sites. So maintaining a separate install for ReadyNAS access is still a good idea.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
