NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
StephenB
Feb 18, 2022Guru - Experienced User
Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
This workaround eliminates the redirection of http://nas-name-or-ip/admin to https://nas-name-or-ip/admin for NAS running 4.1.x firmware. It does require ssh to install.
Entering https://nas-na...
Sabedi
Mar 05, 2022Aspirant
Thanks for this workaround - but could I ask how to do you actually make these changes step by step? I don't know how to access this to make the changes in BLUE that you've highlighted.
- StephenBMar 05, 2022Guru - Experienced User
Sabedi wrote:
Thanks for this workaround - but could I ask how to do you actually make these changes step by step? I don't know how to access this to make the changes in BLUE that you've highlighted.
Here's one way. As usual, you are at your own risk when using SSH to make mods to the NAS. But if you have problems you can of course post here (I suggest using opening a different thread).
(1) First you need to regain access to Frontview, so you need to begin with either using Internet Explorer, IE mode in Edge, or a old version of a browser (for instance FireFox 94.0.2).
Note that if you are running 4.2.x or 5.3.x firmware, then you can install the add-on from www.rnxtras.com at this point. That installs TLS 1.2 on those NAS, which is enough to give you access. So you can stop at this point.
(2) For the 4.1.x systems, you need to enable ssh access, using the Netgear Enable Root SSH Access add-on found here: https://kb.netgear.com/24546/Add-ons-for-RAIDiator-4-1-3-Sparc.
Then install notepad++ on the PC from https://notepad-plus-plus.org/downloads/.
(3) Copy/Paste the file from the post above into Notepad++.
Go into Edit->EOL Conversion of Notepad++, and choose "unix". It will gray out that option when you do that (a somewhat non-intuitive way of marking the selection). This is a very important step, so make sure you get this right.
Then save the file as Virtual.conf directly to a share on the NAS. Let's call that share "sharename", and assume it is on the C volume for now.
(4) Now access the NAS using SSH. Use root for the username, and the NAS admin password. If you are using windows 10, then you can do this by entering
ssh root@nas-ip-addess
from the windows search bar (using the real NAS ip address of course). Windows will ask if you want to proceed (something also about saving the fingerprint).
I'm not a Mac owner, but I believe you can also enter this same command into terminal.
Either way, you'll get a prompt for the password after you enter this command - as I said earlier use the NAS admin password.
(5) Once in, you need to copy Virtual.Conf to the destination folder. The steps below save the original file, and keep a separate copy of the changed file in the destination folder. The last command makes sure the owner/group is preserved.
cd /etc/frontview/apache cp /c/sharename/Virtual.conf Virtual.conf.mod mv Virtual.conf Virtual.conf.orig cp Virtual.conf.mod Virtual.conf chown admin:admin Virtual.conf*
using the real sharename you stored the file to in step 3. Of course substitute the real volume if you are using flexraid (and didn't put it o the c volume).
Reboot the NAS, and it should connect to Frontview with current browsers when you enter http://nas-ip-address/admin
You can alternatively just restart Frontview:
/etc/init.d/frontview restart
Note if this fails to connect (even with IE or the older firefox), you can still get into the NAS with ssh, and troubleshoot from there.
- tomupnorthMar 07, 2022Guide
Awesome thread StephenB! I have old IE11 but I still had to go through the dreaded "ARE YOU CERTAIN!!!" page and now it just works!
I used vi to edit the Virtual.conf file after making a cp Virtual.conf Virtual.conf.orig and it was pretty straightforward, except that I did a vi :help and then didn't know how to kill it (instead I just ended the session).
Anyway this has been a long-standing bug in my ear and I thank you for making it go away!
- robmetdemotorMar 14, 2022Initiate
Comment for dummies by a dummy
My goal is to implement above change , my NAS is locally not accessable from outside.
It is hard to determine which version you have , look at the status screen in frontview. Firmware: RAIDiator 4.1.16 > no update available. It was the first time I used these tools.
Enable Root SSH Access
https://kb.netgear.com/24546/Add-ons-for-RAIDiator-4-1-3-Sparc
Download Putty
https://www.putty.org/ remark : I used settings as is
Useful Putty commands
https://www.puttygen.com/putty-commands
remark : login with "root" with your admin password
Start with small steps if you are not familiar with Putty and start with copy the Virtual.conf into Virtual.conf.orig
Work with editor in Putty
https://www.guru99.com/the-vi-editor.html#5 ( gives info about save, quit, discard)
vers=2
<VirtualHost _default_:80>
SSLEngine off
# Eliminate HTTPS rewrite
# RewriteEngine on
# RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]
# RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
# End Eliminate HTTPS rewrite
</VirtualHost>
With the "#" you declare the line as text , looks further harmless to me.
Restart the NAS via your old firefox browser or simple unplug the mains and reconnect. After that it might take several hours before NAS is up and running.Remark: I didn’t use the notepad++, Putty is more straight forward.
- adamwbbApr 22, 2022Aspirant
There are a couple Mistakes I should correct here.
First thing is the Contents of Virtual.conf.
The very first line should be Commented out.
instead of vers=2 it should be this#vers=2
Second is when you copy the new Virtual.conf to the directoy you copied it as Virtual.conf.mod you renamed the original one to .Virtual.conf.orig and then copied the backup as the original Virtual.conf.
what should of been done was this:cd /etc/frontview/apache cp /c/sharename/Virtual.conf Virtual.conf.mod mv Virtual.conf Virtual.conf.orig cp Virtual.conf.mod Virtual.conf chown admin:admin Virtual.conf*
Lastly there is actually no need to reboot the unit. You can restart the Frontend web service by executing this command:
/etc/init.d/frontview restart
Failure to comment out the first line will result in this error code:
Stopping frontview: apache-sslStarting frontview: apache-sslSyntax error on line 1 of /etc/frontview/apache/Virtual.conf: Invalid command 'vers=2', perhaps misspelled or defined by a module not included in the server configuration
If everything done correctly you should see this output when you run the command to restart the frontend WebUI:
Stopping frontview: apache-sslStarting frontview: apache-sslapache-ssl: Could not reliably determine the server's fully qualified domain name, using {Redacted IP} for ServerName
- MacNasManJan 10, 2024Guide
I performed this update this evening, worked like a charm! Thank you!
- efgtestMay 23, 2022Initiate
ReadyNAS RND2000 v?
If you do NOT have a Linux go to STEP 4, for the step by step NAS configuration.
ALWAYS SAVE A COPY OF THE ORIGINAL FILE.
Step by Step: For those who have a Linux PC. (Fedora version)
STEP 1: First you have to login as Root. (Open the "Terminal") and use the "su" command
at the command line: eg: [yourname@fedora~]$ su (Press Enter)
(Enter your root password. (This step is necessary because you are going to use SSH to connect to your NAS as "Root" user.)
STEP 2: Start the SSH session :eg: root@Fedora mike ]# ssh (Enter)
The problem is : You can NOT connect with SSH because of the same problem. you will get an error like: "
Unable to negotiate ....no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
To fix this problem first, you have to modify the SSH config file at: etc/ssh and add a new command. "a new rule"
At prompt enter : cd /etc/ssh then open the file "ssh_config" with "vi" then add
one commend line WITHOUT the "hashtag" (#) KeyAlorithms diffie-helmman etc (the bold line)
Example: (The Bold line)
# etc....
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
# This system is following system-wide crypto policy.
# etc ....And now save the file.!!!! (Always good to save a copy of the original ssh_config file!!!!)
STEP 3: Now you can connect to the NAS via SSH
at the prompt connect to your NAS by using the SSH command
eg: root@fedora mike]# ssh 192.168.1.200 (enter) (Enter "yes" to accept the first time key exchange)
== ====AND NOW YOU ARE CONNECTED TO YOUR NAS via SSH as Root user ===
The prompt will change into something like this:
example: name_of_your_NAS:~#
STEP 4: (Modify the Virtual.conf file)
Enter cd /etc/frontview/apache/ (The directory where the "Virtual.conf" file is located
use the "ls" command to view the files if necessary.
open this file with "vi" command. (vi Virtual.conf) [with Capital "V" !!!!]
it will look like this:
#vers=2
<VirtualHost _default_:80>
SSLEngine off
RewriteEngine on
RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]
</VirtualHost>Make ALL the Bold lines a comment or "deactivate" them by adding the "#"
<VirtualHost _default_:80>
SSLEngine off#Start here
#RewriteEngine on
#RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
#RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]#end here
</VirtualHost>The "Start here" and "End here" are some extra comments to help you remember what you did.
Safe the file and reboot your NAS and now you can connect without any problem. Remember it is not a secure connection!
I hope there will a new firmware update soon 😉
- StephenBMay 23, 2022Guru - Experienced User
efgtest wrote:
ReadyNAS RND2000 v?
Step by Step: For those who have a Linux PC. (Fedora version)
Thanks for the addition about changing the ssh config on a linux PC. FWIW, that isn't required with Windows at this point.
If you have a Duo v2 - which says "ReadyNAS Duo v2" on the front panel - then I suggest using an old browser version, and installing the rnxtras add-on first. That enables TLS 1.2 on the Duo. If you still want to eliminate the https redirection for some reason, you can proceed with doing that.
Step 4 is already described in the earlier step by step (other than the use of vi).
efgtest wrote:I hope there will a new firmware update soon
I don't think that will ever happen. Netgear said there would be no more updates for these models in September 2016. They did provide one more after that in response to WannaCry in May 2017. But I think it's pretty clear they are done now - it's been 9 years since they stopping manufacturing them.
Related Content
NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!