× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

Re: SSL RC4 Cipher Suites Supported

SSL RC4 Cipher Suites Supported

My Nessus scan indicates the NAS has SSL RC4 Cipher Suites Supported. The risk factor is LOW so not a big deal but I would like to resolve the issue. I have tried tweaking the httpd.conf, the ssl.conf with now luck. Is there something I am missing? Does Netgear have a newer firmware coming out to rectify this issue?

 

The NAS is currently running the latest firmware 6.9.2 and I see nothing more current.

 

Any suggestions greatly appreciated.

 

Model: ReadyNAS-4200|ReadyNAS 4200
Message 1 of 5
Marc_V
NETGEAR Employee Retired

Re: SSL RC4 Cipher Suites Supported

Hi @netsysengineer

 

Welcome to the community!

 

You may want to update to 6.9.3 which contains security updates to the Kernel. CVE-2013-2566, CVE-2015-2808 have been detected on other devices and was resolved through a firmware update.

 

If you can provide documentation regarding the vulnerability on the ReadyNAS you can check here to report what you have found.

 

If you can provide us the report you got it would be great as well.

 

 

Hope this helps!

 

 

Regards

 

 

 

 

 

 

Message 2 of 5
Marc_V
NETGEAR Employee Retired

Re: SSL RC4 Cipher Suites Supported

Hi @netsysengineer

 


We’d greatly appreciate hearing your feedback letting us know if the information we provided has helped resolve your issue or if you need further assistance.

If your issue is now resolved, we encourage you to mark the appropriate reply as the “Accept as Solution” or post what resolved it and mark it as solution so others can be confident in benefiting from the solution.
 
The Netgear community looks forward to hearing from you and being a helpful resource in the future!


 
Regards,

Message 3 of 5

Re: SSL RC4 Cipher Suites Supported

I will install the latest firmware and update this thread with status.

Message 4 of 5

Re: SSL RC4 Cipher Suites Supported

I performed firmware update to latest 6.9.3 and it did not resolve my issue with weak SSL cipher. My nessus scan indicates SSL RC4 Cipher suite is supported and it is still supporting weak cipher algorithms. I need RC4 dissabled and to Disable the DES-CBC3-SHA cipher on port 21 and 443. There is no way to manually change these settings that I can find so I am relying on firmware upgrade to resiolve my issue. 

Message 5 of 5
Top Contributors
Discussion stats
  • 4 replies
  • 1661 views
  • 0 kudos
  • 2 in conversation
Announcements