Forum Discussion
StephenB
Feb 18, 2022 Guru - Experienced User
Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
This workaround eliminates the redirection of http://nas-name-or-ip/admin to https://nas-name-or-ip/admin for NAS running 4.1.x firmware. It does require ssh to install.
Entering https://nas-na...
Sandshark
Jan 22, 2023 Sensei - Experienced User
The only concern with that is that if Firefox is your standard browser, then you'd also be allowing SSL 1.0 for external sites, which is not a good idea. With a separate version (which now could be a later one than previously suggested, however) that you are careful to only use for ReadyNAS access, you can more easily avoid that possibility.
I frankly don't understand why the browser publishers are so unaware of this problem and don't allow you to select SSL 1.0 for a specific address or range of addresses, maybe even including an easy selection of all local-only address ranges and/or limiting selection to those ranges. ReadyNAS is not the only older device with this issue.
givememynamebak
Jan 22, 2023 Luminary
Sandshark - I agree it's a risk, but legit businesses have already been forced to upgrade. It's still a cipher, just no longer considered strong crypto. Nearly all sites these days are ssl/https with tls 1.2/1.3 which is mostly due to security paranoia but not all companies are transmitting data that are worthy of encryption outside of a normal login or a purchase. Any BigIP appliance like can decode https on the fly, so... there is that. I remember when 256bit encryption was a US only thing while 56bit was used outside the US due to US tech/crypto laws (which no-one seems to talk about anymore.) Some encryption is better than none and I see the risk as almost non-existent for TLS 1.0 sites these days. You're right, it doesn't seem like it would have been difficult to solve with your idea to supply an IP block. It would have been a better idea than just setting a global accept TLS 1 flag and would have worked into the future as well. They should have that across all browsers. The patch only works once you're into your legacy ReadyNAS for long term usage. If you have to do a factory reset, you still have to start with a supported browser unfortunately.
A better option would have been for these companies to support even their legacy products and supply a patch.
- StephenB Jan 22, 2023 Guru - Experienced User
givememynamebak wrote:
It's still a cipher, just no longer considered strong crypto.
Just to clarify this for others:
A bad actor with enough computation resources can successfully pull off a "man in the middle" attack with TLS 1.0. For instance, it can intercept your communications with your bank, and there is no way you could tell that was happening. It could even substitute misinformation for the info from the real bank website, and your browser could not detect that.
This attack was considered theoretical for a long time - but in 2017, some researchers pulled it off in practice. It required a lot of computer resources - making it very expensive for the bad actor. However, over time the computation cost continues to drop, so at some point it becomes affordable. I don't know what the cost would be with current cloud computers.
The risk of making the setting change in Firefox is that the downgrade to TLS 1.0 is (silently) allowed for every site you visit, and not just when communicating with the NAS. So you would be undefended against these attacks.
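An added example, not part of the thread or of anyone's post: a small audit that finds Firefox profiles where the global TLS floor has been lowered, so the change made for the NAS does not stay unnoticed in an everyday browser. It assumes Firefox's `security.tls.version.min` preference (1 = TLS 1.0, 3 = TLS 1.2) and `security.tls.version.enable-deprecated`; the sample preferences are constructed.

```python
import re
from pathlib import Path

TLS_NAMES = {1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2", 4: "TLS 1.3"}  # Firefox's integer codes
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\);\s*$')

def parse_prefs(text):
    """Return {name: value} for the user_pref() lines of a prefs.js or user.js."""
    prefs = {}
    for line in text.splitlines():
        if not (m := PREF_RE.match(line)):
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def tls_findings(prefs):
    """List the settings that let the browser go below TLS 1.2 for every site."""
    findings = []
    floor = prefs.get("security.tls.version.min")
    if type(floor) is int and floor < 3:
        name = TLS_NAMES.get(floor, "an unknown version")
        findings.append(f"security.tls.version.min={floor}: {name} accepted for every site")
    if prefs.get("security.tls.version.enable-deprecated") is True:
        findings.append("security.tls.version.enable-deprecated=true: deprecated TLS re-enabled")
    return findings

def audit_profiles(root):
    """Map each prefs.js/user.js under a Firefox profiles directory to its findings."""
    report = {}
    for path in sorted(Path(root).glob("*/*.js")):
        if path.name in ("prefs.js", "user.js"):
            if found := tls_findings(parse_prefs(path.read_text(errors="replace"))):
                report[str(path)] = found
    return report

# Constructed sample: a profile where the global floor was lowered to reach the NAS.
SAMPLE = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("security.tls.version.min", 1);
user_pref("security.tls.version.enable-deprecated", true);
'''

if __name__ == "__main__":
    print("\n".join(tls_findings(parse_prefs(SAMPLE))))
```

Point `audit_profiles` at the directory that holds the profile folders; a profile kept only for ReadyNAS access is the one place a finding is expected.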
- SamirD Mar 08, 2023 Prodigy
This is the crux of the problem of using legacy equipment though. The only way to avoid issues with legacy equipment is generally to just keep it 'period correct'. That does limit its usefulness, but its usefulness approaches nothing when trying to use it with 'modern' equipment. And this isn't an issue with just NAS units or Netgear or any brand or device--it is an age old problem that manufacturers have realized is their worst enemy to new sales so now 'forced obsolescence' is the new mantra. We're lucky these devices don't have a 'call home and die' feature.