NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
RN214 Firmware Update 6.10.7 > 6.10.8: Access with Winows 10 (SMB, HTTPS, SSH and FTP)?
Hi! I was offered a firmware update to upgrade my RN214 from version 6.10.7 to 6.10.8. The release notes (https://kb.netgear.com/000065170/ReadyNAS-OS-6-Software-Version-6-10-8) mention: Removes ...
VolkerB wrote:
The release notes (https://kb.netgear.com/000065170/ReadyNAS-OS-6-Software-Version-6-10-8) mention:
Removes legacy TLS 1.0 and 1.1 support from the ReadyNAS device’s embedded web server.
Starting here - commonly used browsers have already removed support for TLS 1.0/TLS 1.1. Those include Chrome, Firefox, and Safari. Edge will only use TLS 1.0/TLS 1.1 when configured to use "IE mode". Internet Explorer still supports legacy TLS for now.
Since the browsers have already removed them, there was no need to keep those protocols in the ReadyNAS web server anymore. As they likely would show up as security vulnerabilities at some point, Netgear decided to remove them.
VolkerB wrote:
After those findings I wonder if it would still be possible to access the RN214 in the network using SMB (SMB3 Transport Encryption is disabled), HTTP(S), SSH and FTP using the Windows machine after the aforementioned update?
All of these work with my Windows 10 machine. I'm not running Windows 7 anymore, but they should run there also.
VolkerB wrote:
I recently tried https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392 on my Windows 7 x64 SP1 box after updating my e-mail client which could not connect to the POP3S/SSMTP server anymore, seems that TLS1.2 activation failed, still no connection.
Are you seeing a specific error that suggests that TLS 1.2 failed? Failure of your email client to connect doesn't seem very definitive.
Try browsing to the link below, and use the guide on it to tell you what version of TLS you are using:
If you are using a recent version of Chrome, then you will need to click on the three dots on the right of the address bar. Then select "more tools" and then "developer tools". You will see an intimidating debugging window pop up. If you don't see "security" along the top (the row that starts with "elements", then click on the >> in that row. Then select Security. That screen is straightforward, and you should be able to easily find the TLS version you are using.
VolkerB wrote:
The release notes (https://kb.netgear.com/000065170/ReadyNAS-OS-6-Software-Version-6-10-8) mention:
Removes legacy TLS 1.0 and 1.1 support from the ReadyNAS device’s embedded web server.
Starting here - commonly used browsers have already removed support for TLS 1.0/TLS 1.1. Those include Chrome, Firefox, and Safari. Edge will only use TLS 1.0/TLS 1.1 when configured to use "IE mode". Internet Explorer still supports legacy TLS for now.
Since the browsers have already removed them, there was no need to keep those protocols in the ReadyNAS web server anymore. As they likely would show up as security vulnerabilities at some point, Netgear decided to remove them.
VolkerB wrote:
After those findings I wonder if it would still be possible to access the RN214 in the network using SMB (SMB3 Transport Encryption is disabled), HTTP(S), SSH and FTP using the Windows machine after the aforementioned update?
All of these work with my Windows 10 machine. I'm not running Windows 7 anymore, but they should run there also.
VolkerB wrote:
I recently tried https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392 on my Windows 7 x64 SP1 box after updating my e-mail client which could not connect to the POP3S/SSMTP server anymore, seems that TLS1.2 activation failed, still no connection.
Are you seeing a specific error that suggests that TLS 1.2 failed? Failure of your email client to connect doesn't seem very definitive.
Try browsing to the link below, and use the guide on it to tell you what version of TLS you are using:
If you are using a recent version of Chrome, then you will need to click on the three dots on the right of the address bar. Then select "more tools" and then "developer tools". You will see an intimidating debugging window pop up. If you don't see "security" along the top (the row that starts with "elements", then click on the >> in that row. Then select Security. That screen is straightforward, and you should be able to easily find the TLS version you are using.
Hi StephenB!
Thanks for getting back to me soo quickly.
StephenB wrote:
VolkerB wrote:The release notes (https://kb.netgear.com/000065170/ReadyNAS-OS-6-Software-Version-6-10-8) mention:
Removes legacy TLS 1.0 and 1.1 support from the ReadyNAS device’s embedded web server.
Starting here - commonly used browsers have already removed support for TLS 1.0/TLS 1.1.
Using Chrome 103.0.5060.114 (64-bit), security tab of the developer tools for HTTPS/TLS secured pages shows authentication using TLS 1.2, ECDHE_RSA with X25519 and CACHA20_POLY1305. So obviously browsing RN214 HTML pages with TLS 1.0 and 1.1 removed should not be a problem.
StephenB wrote:
VolkerB wrote:I recently tried https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392 on my Windows 7 x64 SP1 box after updating my e-mail client which could not connect to the POP3S/SSMTP server anymore, seems that TLS1.2 activation failed, still no connection.
Are you seeing a specific error that suggests that TLS 1.2 failed? Failure of your email client to connect doesn't seem very definitive.
I simply was not able to connect to the POP3S/SSMTP server anymore. With the old version of the mail client, it was possible. Changing the protocol to insecure POP3/SMTP on ports 25/110 instead still worked fine. Now that my e-mail provider ditched TLS 1.0 and 1.1 too, even my old client does not work with POP3S/SSMTP, so I'll stick with unencrypted transmission for now. But probably the mail client was trying to use the operating system's implementation of TLS 1.2 (or the lack thereof).
So I was wondering if there could be an issue with accessing the RN214's website (should not be the case, as Chrome can access other websites via TLS 1.2 as well) or if there are problems ahead using SMB, SSH or any of the other protocols to access RN214's resources that might be using TLS underneath the surface.
I'm no expert in these things, so honestly couldn't tell. Sure there still is the possibility to try an upgrade and then downgrade again if something doesn't work, but I'd rather like to spare myself the hassle.
Greets,
Volker
VolkerB wrote:
StephenB wrote:
VolkerB wrote:
I recently tried https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392 on my Windows 7 x64 SP1 box after updating my e-mail client which could not connect to the POP3S/SSMTP server anymore, seems that TLS1.2 activation failed, still no connection.
Are you seeing a specific error that suggests that TLS 1.2 failed? Failure of your email client to connect doesn't seem very definitive.
I simply was not able to connect to the POP3S/SSMTP server anymore. With the old version of the mail client, it was possible. Changing the protocol to insecure POP3/SMTP on ports 25/110 instead still worked fine.
Did you try using TLS with both ports 465 and 587?
Hi StephenB!
StephenB wrote:Are you seeing a specific error that suggests that TLS 1.2 failed? Failure of your email client to connect doesn't seem very definitive.
I simply was not able to connect to the POP3S/SSMTP server anymore. With the old version of the mail client, it was possible. Changing the protocol to insecure POP3/SMTP on ports 25/110 instead still worked fine.
Did you try using TLS with both ports 465 and 587?
My MTA expects POP3 to be "Secure to dedicated port (TLS)" with the port being 995. Out of interest I tried the two ports you recommend. The reply was:
FETCH - TLS protocol error: Unexpected message SessionUnknownContentType ct (50).
Port 995 used to work, now it says:
TLS handshake failure. Connect failed
I consider that clear enough a clue that the culprit is about abandoning TLS 1.0 and 1.1 which is probably the only protocol my old fashioned MUA understands. Upgrading to a more modern version also gave me errors, this time probably on OS level.
I'll ditch Windows 7 sooner or later and will migrate to Linux Mint Mate. It takes some fiddling but most of the stuff just works, including Wine. Just wanted to know if it is safe to upgrade my RN214 to 6.10.8 or if I'll lock myself out with Windows 7 which would be quite a bummer. But as it seems, at least HTTP is going to work, so if I experience issues with SMB and SSH, I can downgrade again.
Thanks for your help!
Volker
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
