NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

irae's avatar
irae
Guide
Mar 14, 2020
Solved

ReadyNAS NV+ V2 TLS Support; may not be able to access soon

Hi   I have a ReadyNAS NV+ V2 which I have been using for many years. Just did some digging and I purchased it October 2012!   The problem I have is that it only support TLS V1.0. I managed to lo...
  • irae's avatar
    irae
    Apr 25, 2020

    OK, so I think I have a solution.

     

    After a bit of noseying around on the NAS drive over ssh, I found the config files in /etc/frontview/apache; there is an Apache config over in /etc/apache2/ but that one seems un-used. I've done the following

    • backed up the contents of that folder (/etc/frontview/apache) to the a backup folder under the root user (/root/conf_backup/)
    • edited Virtual.conf; this had rewrite rules from http to https (not convinced that's the most elegant way to implement https, but never mind)
    • edit httpd.conf to remove any SSL references

    I've done a couple of re-boots and the admin console apprears to be working fine over http; so I'm happy again.

     

    Virtual.conf edits:

    root@server:/etc/frontview/apache# diff Virtual.conf ~/conf_backup/
1,3d0
< #
< # edited by Ian on 13-April-2020
< #
5d1
< #edit by Ian; 13-Apr-2020
8,11c4,7
< #   RewriteEngine on
< #   RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]
< #   RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
< #   RewriteRule ^(cgi-bin) - [L]
---
>   RewriteEngine on
>   RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]
>   RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
>   RewriteRule ^(cgi-bin) - [L]
root@nas-BE-AB-2D:/etc/frontview/apache#

     

    httpd.conf edits:

    root@server:/etc/frontview/apache# diff httpd.conf ~/conf_backup/
1d0
< # edited by Ian; 13-Apr-2020 at 17:38
178,190c177,185
< #Edited by Ian on 13-April-2020
< #
< # Listen 443
< # SSLEngine On
< # SSLSessionCache dbm:/ramfs/gcache.db
< # SSLSessionCacheTimeout 600
< # SSLCACertificatePath /etc/frontview/apache
< # SSLCertificateFile /etc/frontview/apache/apache.pem
< # SSLProtocol all -SSLv2 -SSLv3
< # SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
< # SSLHonorCipherOrder on
< #
< # End of Edit
---
> Listen 443
> SSLEngine On
> SSLSessionCache dbm:/ramfs/gcache.db
> SSLSessionCacheTimeout 600
> SSLCACertificatePath /etc/frontview/apache
> SSLCertificateFile /etc/frontview/apache/apache.pem
> SSLProtocol all -SSLv2 -SSLv3
> SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
> SSLHonorCipherOrder on
305,312c300,303
< # Edited by Ian on 13-April-2020
< #
< # # For APPGENIE
< # SSLProxyEngine on
< # SSLProxyCheckPeerCN on
< # SSLProxyCheckPeerExpire on
< #
< # End of edit
---
> # For APPGENIE
> SSLProxyEngine on
> SSLProxyCheckPeerCN on
> SSLProxyCheckPeerExpire on
root@nas-BE-AB-2D:/etc/frontview/apache#

     

    It does seem a bit, well backward, to push the console down to http in 2020 but it's working. This device is on my home network and I'm using as a backup to my main NAS now so it's safe enough.

     

    Hope this solution is of use to others.

     

    Thanks for the input.

    Ian

     

     

     

     

irae's avatar
irae
Guide
Mar 31, 2020

Thanks Marc for the response

 

It's a shame but was what I suspected. Annoyingly I can't "just" access over http either since the NAS 301's the request to the https equivalent URL. The NAS is running an Apache httpd server I think; thinking out loud, is there a way to ssh onto the NAS and edit the httpd.conf file and disable that 301 behaviour?

 

Ian

StephenB's avatar
StephenB
Guru - Experienced User
Mar 31, 2020
irae wrote:

 

It's a shame but was what I suspected. Annoyingly I can't "just" access over http either since the NAS 301's the request to the https equivalent URL. The NAS is running an Apache httpd server I think; thinking out loud, is there a way to ssh onto the NAS and edit the httpd.conf file and disable that 301 behaviour?

 

That might be possible, but might not be sticky (the config change might not survive reboots).  Ideally you'd disable https, so you could connect to admin page with http.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More