NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

irae's avatar
irae
Guide
Mar 14, 2020
Solved

ReadyNAS NV+ V2 TLS Support; may not be able to access soon

Hi   I have a ReadyNAS NV+ V2 which I have been using for many years. Just did some digging and I purchased it October 2012!   The problem I have is that it only support TLS V1.0. I managed to lo...
  • irae's avatar
    irae
    Apr 25, 2020

    OK, so I think I have a solution.

     

    After a bit of noseying around on the NAS drive over ssh, I found the config files in /etc/frontview/apache; there is an Apache config over in /etc/apache2/ but that one seems un-used. I've done the following

    • backed up the contents of that folder (/etc/frontview/apache) to the a backup folder under the root user (/root/conf_backup/)
    • edited Virtual.conf; this had rewrite rules from http to https (not convinced that's the most elegant way to implement https, but never mind)
    • edit httpd.conf to remove any SSL references

    I've done a couple of re-boots and the admin console apprears to be working fine over http; so I'm happy again.

     

    Virtual.conf edits:

    root@server:/etc/frontview/apache# diff Virtual.conf ~/conf_backup/
1,3d0
< #
< # edited by Ian on 13-April-2020
< #
5d1
< #edit by Ian; 13-Apr-2020
8,11c4,7
< #   RewriteEngine on
< #   RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]
< #   RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
< #   RewriteRule ^(cgi-bin) - [L]
---
>   RewriteEngine on
>   RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]
>   RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
>   RewriteRule ^(cgi-bin) - [L]
root@nas-BE-AB-2D:/etc/frontview/apache#

     

    httpd.conf edits:

    root@server:/etc/frontview/apache# diff httpd.conf ~/conf_backup/
1d0
< # edited by Ian; 13-Apr-2020 at 17:38
178,190c177,185
< #Edited by Ian on 13-April-2020
< #
< # Listen 443
< # SSLEngine On
< # SSLSessionCache dbm:/ramfs/gcache.db
< # SSLSessionCacheTimeout 600
< # SSLCACertificatePath /etc/frontview/apache
< # SSLCertificateFile /etc/frontview/apache/apache.pem
< # SSLProtocol all -SSLv2 -SSLv3
< # SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
< # SSLHonorCipherOrder on
< #
< # End of Edit
---
> Listen 443
> SSLEngine On
> SSLSessionCache dbm:/ramfs/gcache.db
> SSLSessionCacheTimeout 600
> SSLCACertificatePath /etc/frontview/apache
> SSLCertificateFile /etc/frontview/apache/apache.pem
> SSLProtocol all -SSLv2 -SSLv3
> SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
> SSLHonorCipherOrder on
305,312c300,303
< # Edited by Ian on 13-April-2020
< #
< # # For APPGENIE
< # SSLProxyEngine on
< # SSLProxyCheckPeerCN on
< # SSLProxyCheckPeerExpire on
< #
< # End of edit
---
> # For APPGENIE
> SSLProxyEngine on
> SSLProxyCheckPeerCN on
> SSLProxyCheckPeerExpire on
root@nas-BE-AB-2D:/etc/frontview/apache#

     

    It does seem a bit, well backward, to push the console down to http in 2020 but it's working. This device is on my home network and I'm using as a backup to my main NAS now so it's safe enough.

     

    Hope this solution is of use to others.

     

    Thanks for the input.

    Ian

     

     

     

     

ajwh1's avatar
ajwh1
Aspirant
Jul 10, 2020

I have the same problem...

I'm not into Unix so I assume I'll lose access to the admin page.

Will I also lose network (Win10 /Retrospect) access to the shares?

 

Andrew

 

Firmware:RAIDiator 4.1.15 [1.00a043] 
Sandshark's avatar
Sandshark
Sensei
Jul 10, 2020

Just be sure to keep a copy in case your edits get overwritten.  A long time ago, I made changes in Virtual.conf on an NV+, for WebDAV, if memory serves.  If I remember correctly, any time I added or deleted a share, it re-created Virtual.conf, erasing my edits.  There may have been other instances as well.

  • irae's avatar
    irae
    Guide
    Jul 11, 2020

    Good point.

    I have kept a backup of my edits in the root user's home directory, not sure if that's wiped as you describe. And, of course, I can come back to this page to d/l the patch.

     

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More