NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
ReadyNAS NV+ V2 TLS Support; may not be able to access soon
Hi I have a ReadyNAS NV+ V2 which I have been using for many years. Just did some digging and I purchased it October 2012! The problem I have is that it only support TLS V1.0. I managed to lo...
OK, so I think I have a solution.
After a bit of noseying around on the NAS drive over ssh, I found the config files in /etc/frontview/apache; there is an Apache config over in /etc/apache2/ but that one seems un-used. I've done the following
- backed up the contents of that folder (/etc/frontview/apache) to the a backup folder under the root user (/root/conf_backup/)
- edited Virtual.conf; this had rewrite rules from http to https (not convinced that's the most elegant way to implement https, but never mind)
- edit httpd.conf to remove any SSL references
I've done a couple of re-boots and the admin console apprears to be working fine over http; so I'm happy again.
Virtual.conf edits:
root@server:/etc/frontview/apache# diff Virtual.conf ~/conf_backup/ 1,3d0 < # < # edited by Ian on 13-April-2020 < # 5d1 < #edit by Ian; 13-Apr-2020 8,11c4,7 < # RewriteEngine on < # RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L] < # RewriteRule ^/admin$ https://%{SERVER_NAME}/admin < # RewriteRule ^(cgi-bin) - [L] --- > RewriteEngine on > RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L] > RewriteRule ^/admin$ https://%{SERVER_NAME}/admin > RewriteRule ^(cgi-bin) - [L] root@nas-BE-AB-2D:/etc/frontview/apache#httpd.conf edits:
root@server:/etc/frontview/apache# diff httpd.conf ~/conf_backup/ 1d0 < # edited by Ian; 13-Apr-2020 at 17:38 178,190c177,185 < #Edited by Ian on 13-April-2020 < # < # Listen 443 < # SSLEngine On < # SSLSessionCache dbm:/ramfs/gcache.db < # SSLSessionCacheTimeout 600 < # SSLCACertificatePath /etc/frontview/apache < # SSLCertificateFile /etc/frontview/apache/apache.pem < # SSLProtocol all -SSLv2 -SSLv3 < # SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA < # SSLHonorCipherOrder on < # < # End of Edit --- > Listen 443 > SSLEngine On > SSLSessionCache dbm:/ramfs/gcache.db > SSLSessionCacheTimeout 600 > SSLCACertificatePath /etc/frontview/apache > SSLCertificateFile /etc/frontview/apache/apache.pem > SSLProtocol all -SSLv2 -SSLv3 > SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA > SSLHonorCipherOrder on 305,312c300,303 < # Edited by Ian on 13-April-2020 < # < # # For APPGENIE < # SSLProxyEngine on < # SSLProxyCheckPeerCN on < # SSLProxyCheckPeerExpire on < # < # End of edit --- > # For APPGENIE > SSLProxyEngine on > SSLProxyCheckPeerCN on > SSLProxyCheckPeerExpire on root@nas-BE-AB-2D:/etc/frontview/apache#
It does seem a bit, well backward, to push the console down to http in 2020 but it's working. This device is on my home network and I'm using as a backup to my main NAS now so it's safe enough.
Hope this solution is of use to others.
Thanks for the input.
Ian
Hey, how do you SSH into the NAS? i do not see an option to enable it in the dashboard.
I am able to access it through a browser called "pale moon" that still supports TLS 1.0, and i would like to edit the configuration so i can access it with my regular browsers.
But i cannot figure out where to enable SSH.
khyretos wrote:
But i cannot figure out where to enable SSH.
You can enable ssh by installing the add-on here:
But all you really need to do is install this add-on (which adds TLS 1.2 support)
This is assuming you have a v2 (which runs 5.3.x firmware). If your NAS runs 4.1.x firmware, then it is the original Duo, and these add-ons won't work. If you have an original Duo, then you'd need to install the add-on from here to enable ssh:
Thank you!
I was so confused because in the admin page there are no apps or anything available.
i just want to mount and use the NAS as if it were a disk on my ubuntu server. i managed to do it with NFS but i also wanted the option to eventually enter the page if something happens.
ANd you are correct i do have the ReadyNAS NV+ v2, RDSN4000-200EUS
Thank you so much!
BTW, the apache2 fix does not work in this model because the architecture is ARM and if i try to drop it i get "Architecture is bad"
so i guess my only option to make it work is to do the SSH thing and adjust the settings.
khyretos wrote:
BTW, the apache2 fix does not work in this model because the architecture is ARM and if i try to drop it i get "Architecture is bad"
Sorry, my mistake (I posted the wrong link). Use this one:
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
