NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
This workaround eliminates the redirection of http://nas-name-or-ip/admin to https://nas-name-or-ip/admin for NAS running 4.1.x firmware. It does require ssh to install.
Entering https://nas-na...
Thanks for this workaround - but could I ask how to do you actually make these changes step by step? I don't know how to access this to make the changes in BLUE that you've highlighted.
Sabedi wrote:
Thanks for this workaround - but could I ask how to do you actually make these changes step by step? I don't know how to access this to make the changes in BLUE that you've highlighted.
Here's one way. As usual, you are at your own risk when using SSH to make mods to the NAS. But if you have problems you can of course post here (I suggest using opening a different thread).
(1) First you need to regain access to Frontview, so you need to begin with either using Internet Explorer, IE mode in Edge, or a old version of a browser (for instance FireFox 94.0.2).
Note that if you are running 4.2.x or 5.3.x firmware, then you can install the add-on from www.rnxtras.com at this point. That installs TLS 1.2 on those NAS, which is enough to give you access. So you can stop at this point.
(2) For the 4.1.x systems, you need to enable ssh access, using the Netgear Enable Root SSH Access add-on found here: https://kb.netgear.com/24546/Add-ons-for-RAIDiator-4-1-3-Sparc.
Then install notepad++ on the PC from https://notepad-plus-plus.org/downloads/.
(3) Copy/Paste the file from the post above into Notepad++.
Go into Edit->EOL Conversion of Notepad++, and choose "unix". It will gray out that option when you do that (a somewhat non-intuitive way of marking the selection). This is a very important step, so make sure you get this right.
Then save the file as Virtual.conf directly to a share on the NAS. Let's call that share "sharename", and assume it is on the C volume for now.
(4) Now access the NAS using SSH. Use root for the username, and the NAS admin password. If you are using windows 10, then you can do this by entering
ssh root@nas-ip-addess
from the windows search bar (using the real NAS ip address of course). Windows will ask if you want to proceed (something also about saving the fingerprint).
I'm not a Mac owner, but I believe you can also enter this same command into terminal.
Either way, you'll get a prompt for the password after you enter this command - as I said earlier use the NAS admin password.
(5) Once in, you need to copy Virtual.Conf to the destination folder. The steps below save the original file, and keep a separate copy of the changed file in the destination folder. The last command makes sure the owner/group is preserved.
cd /etc/frontview/apache cp /c/sharename/Virtual.conf Virtual.conf.mod mv Virtual.conf Virtual.conf.orig cp Virtual.conf.mod Virtual.conf chown admin:admin Virtual.conf*
using the real sharename you stored the file to in step 3. Of course substitute the real volume if you are using flexraid (and didn't put it o the c volume).
Reboot the NAS, and it should connect to Frontview with current browsers when you enter http://nas-ip-address/admin
You can alternatively just restart Frontview:
/etc/init.d/frontview restart
Note if this fails to connect (even with IE or the older firefox), you can still get into the NAS with ssh, and troubleshoot from there.
Awesome thread StephenB! I have old IE11 but I still had to go through the dreaded "ARE YOU CERTAIN!!!" page and now it just works!
I used vi to edit the Virtual.conf file after making a cp Virtual.conf Virtual.conf.orig and it was pretty straightforward, except that I did a vi :help and then didn't know how to kill it (instead I just ended the session).
Anyway this has been a long-standing bug in my ear and I thank you for making it go away!
Comment for dummies by a dummy
My goal is to implement above change , my NAS is locally not accessable from outside.
It is hard to determine which version you have , look at the status screen in frontview. Firmware: RAIDiator 4.1.16 > no update available. It was the first time I used these tools.
Enable Root SSH Access
https://kb.netgear.com/24546/Add-ons-for-RAIDiator-4-1-3-Sparc
Download Putty
https://www.putty.org/ remark : I used settings as is
Useful Putty commands
https://www.puttygen.com/putty-commands
remark : login with "root" with your admin password
Start with small steps if you are not familiar with Putty and start with copy the Virtual.conf into Virtual.conf.orig
Work with editor in Putty
https://www.guru99.com/the-vi-editor.html#5 ( gives info about save, quit, discard)
vers=2
<VirtualHost _default_:80>
SSLEngine off
# Eliminate HTTPS rewrite
# RewriteEngine on
# RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]
# RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
# End Eliminate HTTPS rewrite
</VirtualHost>
With the "#" you declare the line as text , looks further harmless to me.
Restart the NAS via your old firefox browser or simple unplug the mains and reconnect. After that it might take several hours before NAS is up and running.Remark: I didn’t use the notepad++, Putty is more straight forward.
Thx for your comments - I'm glad you were able to implement the workaround.
robmetdemotor wrote:
Remark: I didn’t use the notepad++, Putty is more straight forward.
Just to be clear - you used vi as your editor instead of notepad++.
That's of course fine if you are comfortable with it. I went with notepad++ because I thought it would be more intuitive for people who weren't familiar with line editors.
FWIW, Putty is a good tool, but windows 10 and mac users can also use the built in ssh support (as I indicated in my guide). So most users won't need to download it.
Great thread. I was finally able to access an old NV+ I had kicking around. Thanks to all who contributed!
Hello, I am late to the party. I have a ReadyNAS Duo v2 and the firmware installed is 5.3.13 which still seems to be the latest. I had not used the admin page for several years and now I get the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
I saw many and long replies about those who didn't have the latest firmware, but what about those like me who have it ? I might have missed it since this thread is pretty long but what am I supposed to do ? I checked https://rnxtras.com/ but the website doesn't respond...
There are a couple Mistakes I should correct here.
First thing is the Contents of Virtual.conf.
The very first line should be Commented out.
instead of vers=2 it should be this#vers=2Second is when you copy the new Virtual.conf to the directoy you copied it as Virtual.conf.mod you renamed the original one to .Virtual.conf.orig and then copied the backup as the original Virtual.conf.
what should of been done was this:cd /etc/frontview/apache cp /c/sharename/Virtual.conf Virtual.conf.mod mv Virtual.conf Virtual.conf.orig cp Virtual.conf.mod Virtual.conf chown admin:admin Virtual.conf*Lastly there is actually no need to reboot the unit. You can restart the Frontend web service by executing this command:
/etc/init.d/frontview restartFailure to comment out the first line will result in this error code:
Stopping frontview: apache-sslStarting frontview: apache-sslSyntax error on line 1 of /etc/frontview/apache/Virtual.conf: Invalid command 'vers=2', perhaps misspelled or defined by a module not included in the server configurationIf everything done correctly you should see this output when you run the command to restart the frontend WebUI:
Stopping frontview: apache-sslStarting frontview: apache-sslapache-ssl: Could not reliably determine the server's fully qualified domain name, using {Redacted IP} for ServerNameI performed this update this evening, worked like a charm! Thank you!
Thank you so much StephenB and all of the others that contributed to this thread. You helped me recover what an apparently bricked NV+ v3 unit. Yes I know the unit is old, but so am I.
The physical label on the machine indicates v3. As I understand, the v3 units were just like the v2, but were a minor software variation at the time of manufacture. A "distinction without a difference" so to speak. Is that correct?
At the time it went south on me, it was at level 4.1.14. With your procedures, I was able to recover to somewhat "normal" web access to it. THEN, I was able to upgrade it to 4.1.16 which corrected that SAMBA issue. Now we are making progress.
Now here comes the rub. I am trying to upgrade it to version 5.3.13 to get TSL 1.2, (see https://kb.netgear.com/000038794/RAIDiator-arm-Version-5-3-13-for-ReadyNAS-Duo-v2-NV-v2) but that upgrade times out (5 minutes?) through FrontView. I have looked through the many log files, but not 100% sure where to find the culprit.
All help is respectfully appreciated. Thanks.
Weaverita wrote:
The physical label on the machine indicates v3. As I understand, the v3 units were just like the v2, but were a minor software variation at the time of manufacture. A "distinction without a difference" so to speak. Is that correct?
Now here comes the rub. I am trying to upgrade it to version 5.3.13 to get TSL 1.2,
You actually have the original NV+ (called a v1 here). The labeling is confusing, thanks to a poor branding decision on Netgear's part. The v3 in your case was a minor hardware change, not a platform change. In other words, the original NV+ shipped with both v2 and v3 labels, but they are very different from the NV+ v2 platform.
Since you have a sparc-based NAS, you can't install 5.3.x firmware (which is for the "real" v2 which has an arm CPU). And there is no TLS 1.2 add-on available for 4.1.x firmware.
Your only options are to
- Make the change to virtual.conf so you can access Frontview with normal (unencrypted) http
- Use FireFox with the security setting change - setting security.tls.version.min to 1. (Browse to about:config and search for the setting).
StephenB Thanks.
I have heard you explain this before, but it finally landed. Yes, the branding / model / versioning really took me off the rails. Lesson learned for anyone in marketing.
I have a ReadyNAS314 and Ready316 that are still working for me so I think it is time to say goodbye to the NV+V1(NOT V3). I can not expose this old unit. Too risky.
A very gracious thank you again Stephen for all of your many contributions. You rock.
PS. I do need another NAS unit. Any pointers to a good discussion forum for new brands / models to buy? Netgear? Synology? Buffalo? Qnap?
This is a great workaround. Thank you.
I did not think i would be using the Readynas Duo in 2024 but I have 2, both have sat doing nothing for 10 years and I was about to bin them and in resetting them I fired them up again. Thank you so much.
You're welcome! Definitely do not bin them if they're still working! My NVX is still running strong and probably will for a long time. In another 10 years these units will be in demand as they will be the only type of units that will work with computers from the same era as modern units won't work. And I'm lucky enough that old computers work fine for what I need daily, so if you ever find yourself not needing them anymore, please reach out to me and I can give them a new home.
Same, my first Infrant RN600, NV+, Pro6 and 628x are ALL still going strong! I've even dockerized all my debian packages to install in /apps, show up in frontview apps with a toggle for OS6 and am able to update to "latest" docker images on most packages, except the few that require a newer docker (like Portainer) version than Debian Jessie provides. It should still last awhile I would think.
RIP Infrant/ReadyNAS!
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
