My Nessus scan indicates the NAS hasSSL RC4 Cipher Suites Supported. The risk factor is LOW so not a big deal but I would like to resolve the issue. I have tried tweaking the httpd.conf, the ssl.conf with now luck. Is there something I am missing? Does Netgear have a newer firmware coming out to rectify this issue?
The NAS is currently running the latest firmware 6.9.2 and I see nothing more current.
You may want to update to 6.9.3 which contains security updates to the Kernel. CVE-2013-2566, CVE-2015-2808 have been detected on other devices and was resolved through a firmware update.
If you can provide documentation regarding the vulnerability on the ReadyNAS you can check here to report what you have found.
If you can provide us the report you got it would be great as well.
We’d greatly appreciate hearing your feedback letting us know if the information we provided has helped resolve your issue or if you need further assistance.
If your issue is now resolved, we encourage you to mark the appropriate reply as the “Accept as Solution” or post what resolved it and mark it as solution so others can be confident in benefiting from the solution.
The Netgear community looks forward to hearing from you and being a helpful resource in the future!
I performed firmware update to latest 6.9.3 and it did not resolve my issue with weak SSL cipher. My nessus scan indicates SSL RC4 Cipher suite is supported and it is still supporting weak cipher algorithms. I need RC4 dissabled and to Disable the DES-CBC3-SHA cipher on port 21 and 443. There is no way to manually change these settings that I can find so I am relying on firmware upgrade to resiolve my issue.
