Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

---

Sabedi wrote:

Thanks for this workaround - but could I ask how to do you actually make these changes step by step? I don't know how to access this to make the changes in BLUE that you've highlighted.

 

---

Here's one way.  As usual, you are at your own risk when using SSH to make mods to the NAS.  But if you have problems you can of course post here (I suggest using opening a different thread).

(1) First you need to regain access to Frontview, so you need to begin with either using Internet Explorer, IE mode in Edge, or a old version of a browser (for instance FireFox 94.0.2).

Note that if you are running 4.2.x or 5.3.x firmware, then you can install the add-on from www.rnxtras.com at this point.  That installs TLS 1.2 on those NAS, which is enough to give you access.   So you can stop at this point.

(2) For the 4.1.x systems,  you need to enable ssh access, using the Netgear Enable Root SSH Access add-on found here: https://kb.netgear.com/24546/Add-ons-for-RAIDiator-4-1-3-Sparc.

Then install notepad++ on the PC from https://notepad-plus-plus.org/downloads/.

(3) Copy/Paste the file from the post above into Notepad++. 

Go into Edit->EOL Conversion of Notepad++, and choose "unix".  It will gray out that option when you do that (a somewhat non-intuitive way of marking the selection).  This is a very important step, so make sure you get this right.

Then save the file as Virtual.conf directly to a share on the NAS.  Let's call that share "sharename", and assume it is on the C volume for now.

(4) Now access the NAS using SSH.  Use root for the username, and the NAS admin password.  If you are using windows 10, then you can do this by entering 

ssh root@nas-ip-addess

from the windows search bar (using the real NAS ip address of course). Windows will ask if you want to proceed (something also about saving the fingerprint). 

I'm not a Mac owner, but I believe you can also enter this same command into terminal.

Either way, you'll get a prompt for the password after you enter this command - as I said earlier use the NAS admin password.

(5) Once in, you need to copy Virtual.Conf to the destination folder.  The steps below save the original file, and keep a separate copy of the changed file in the destination folder.  The last command makes sure the owner/group is preserved.

cd /etc/frontview/apache
cp /c/sharename/Virtual.conf Virtual.conf.mod
mv Virtual.conf Virtual.conf.orig
cp Virtual.conf.mod Virtual.conf
chown admin:admin Virtual.conf*

using the real sharename you stored the file to in step 3.  Of course substitute the real volume if you are using flexraid (and didn't put it o the c volume).

Reboot the NAS, and it should connect to Frontview with current browsers when you enter http://nas-ip-address/admin

You can alternatively just restart Frontview:

/etc/init.d/frontview restart

Note if this fails to connect (even with IE or the older firefox), you can still get into the NAS with ssh, and troubleshoot from there.

ReadyNAS RND2000 v?

If you do NOT have a Linux go to STEP 4, for the step by step NAS configuration.

ALWAYS  SAVE A COPY OF THE ORIGINAL FILE. 

Step by Step:  For those who have a Linux PC. (Fedora version) 

STEP 1: First you have to login as Root. (Open the "Terminal") and use the "su" command

at the command line: eg: [yourname@fedora~]$ su (Press Enter)

(Enter your root password. (This step is necessary because you are going to use SSH to connect to your NAS as "Root" user.) 

STEP 2: Start the SSH session :eg: root@Fedora mike ]# ssh (Enter)

The problem is : You can NOT connect with SSH because of the same problem. you will get an error like: "  

Unable to negotiate ....no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

To fix this problem first, you have to modify the SSH config file at: etc/ssh and add a new command. "a new rule"

At prompt enter : cd /etc/ssh  then open the file "ssh_config" with "vi" then add 

one commend line  WITHOUT the "hashtag" (#) KeyAlorithms  diffie-helmman etc (the bold line)

Example: (The Bold line)

 # etc....

# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
# This system is following system-wide crypto policy.
# etc ....

And now save the file.!!!! (Always good to save a copy of the original ssh_config file!!!!)

STEP 3: Now you can connect to the NAS via SSH

at the prompt connect to your NAS by using the SSH command

eg: root@fedora mike]# ssh 192.168.1.200 (enter)  (Enter "yes" to accept the first time key exchange)

== ====AND NOW YOU ARE CONNECTED TO YOUR NAS via SSH as Root user ===

The prompt will change into something like this: 

example:  name_of_your_NAS:~# 

 STEP 4: (Modify the Virtual.conf file)

Enter cd /etc/frontview/apache/ (The directory where the "Virtual.conf" file is located

use the "ls" command to view the files if necessary. 

open this file with "vi" command. (vi Virtual.conf) [with Capital "V" !!!!]

it will look like this: 

#vers=2
<VirtualHost _default_:80>
SSLEngine off
RewriteEngine on
RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]
</VirtualHost>

Make ALL the Bold lines a comment or "deactivate" them by adding the "#" 

<VirtualHost _default_:80>
SSLEngine off

#Start here

#RewriteEngine on
#RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
#RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]

#end here
</VirtualHost>

The "Start here" and "End here" are some extra comments to help you remember what you did. 

Safe the file and reboot your NAS and now you can connect without any problem. Remember it is not a secure connection! 

I hope there will a new firmware update soon  😉