NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

StephenB's avatar
StephenB
Guru - Experienced User
Feb 18, 2022

Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

This workaround eliminates the redirection of http://nas-name-or-ip/admin to https://nas-name-or-ip/admin for NAS running 4.1.x firmware. It does require ssh to install.   Entering https://nas-na...
Sandshark's avatar
Sandshark
Sensei
Jan 22, 2023

The only concern with that is that if FireFox is your standard browser, then you'd also be allowing SSL 1.0 for external sites, which is not a good idea.  With a separate version (which now could be a later one that previously suggested, however) that you are careful to only use for ReadyNAS access, you can more easily avoid that possibility.

 

I frankly don't understand why the browser publishers are so unaware of this problem and don't allow you to select SSL 1.0 for a specific address or range of addresses, maybe even including an easy selection of all local-only address ranges and/or limiting selection to those ranges.  ReadyNAS is not the only older device with this issue.

givememynamebak's avatar
givememynamebak
Luminary
Jan 22, 2023

Sandshark- I agree it's a risk, but legit businesses have already been forced to upgrade.  Its still a cipher, just no longer considered strong crypto.  Nearly all sites these days are ssl/https with tls 1.2/1.3 which is mostly due to security paranoia but not all companies are transmitting data that are worthy of encryption outside of a normal login or a purchase.  Any BigIP appliance like can decode https on the fly, so... there is that.  I remember when 256bit encryption was a US only thing while 56bit was used outside the US due to US tech/crypto laws (which no-one seems to talk about anymore.)  Some encryption is better than none and I see the risk as almost non-existent for TLS 1.0 sites these days.  You're right, it doesn't seem like it would have been difficult to solve with your idea to supply an IP block. It would have been a better idea than just setting a global accept TLS 1 flag and would have worked into the future as well.  They should have that across all browsers.  The patch only works once you're into your legacy ReadyNAS for long term usage.  If you have to do a factory reset, you still have to start with a supported browser unfortunately.

 

A better option would have been for these companies to support even their legacy products and supply a patch.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More