- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
This workaround eliminates the redirection of http://nas-name-or-ip/admin to https://nas-name-or-ip/admin for NAS running 4.1.x firmware. It does require ssh to install.
Entering https://nas-name-or-ip/admin will still result in the mismatch error. However entering http://nas-name-or-ip/admin will not. Note this means that there is no encryption at all on the connection - so this is not something you want to deploy over the internet.
This change can coexist with a patch later on that installs TLS 1.2 (and of course it can be easily reversed).
The file that is modified is /etc/frontview/apache/Virtual.conf All that is needed is to comment out the rewrite engine rules. Changes are in blue.
#vers=2 <VirtualHost _default_:80> SSLEngine off # Eliminate HTTPS rewrite # RewriteEngine on # RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L] # RewriteRule ^/admin$ https://%{SERVER_NAME}/admin # End Eliminate HTTPS rewrite </VirtualHost>
I suggest preserving the original as Virtual.conf.orig. Reboot the NAS after updating the file.
If you copy this file on a Windows system, make sure you paste it into a tool that can save the file using Unix end-of-line convention (for instance, Notepad++). With Notepad++, set Edit->EOL Conversion to Unix (LF) before saving.
Note this is a simplified version of an earlier workaround posted by @irae for 5.3.x (v2) NAS here: https://community.netgear.com/t5/Using-your-ReadyNAS-in-Business/ReadyNAS-NV-V2-TLS-Support-may-not-... @irae's version also disables SSL in httpd.conf That might be needed in the v2 NAS, but isn't needed in 4.1.x systems.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
Note that @WhoCares_ has released add-ons for TLS 1.2 support at https://rnxtras.com/
Right now those are only available for 4.2.x and 5.3.x systems, though perhaps 4.1.x will show up later.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
Note that @WhoCares has the link wrong for the 4.2.x version. It should be https://github.com/rdynsxtrs/rn4bin/tree/main/apache2/x86 .
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
Thanks for this workaround - but could I ask how to do you actually make these changes step by step? I don't know how to access this to make the changes in BLUE that you've highlighted.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
@Sabedi wrote:
Thanks for this workaround - but could I ask how to do you actually make these changes step by step? I don't know how to access this to make the changes in BLUE that you've highlighted.
Here's one way. As usual, you are at your own risk when using SSH to make mods to the NAS. But if you have problems you can of course post here (I suggest using opening a different thread).
(1) First you need to regain access to Frontview, so you need to begin with either using Internet Explorer, IE mode in Edge, or a old version of a browser (for instance FireFox 94.0.2).
Note that if you are running 4.2.x or 5.3.x firmware, then you can install the add-on from www.rnxtras.com at this point. That installs TLS 1.2 on those NAS, which is enough to give you access. So you can stop at this point.
(2) For the 4.1.x systems, you need to enable ssh access, using the Netgear Enable Root SSH Access add-on found here: https://kb.netgear.com/24546/Add-ons-for-RAIDiator-4-1-3-Sparc.
Then install notepad++ on the PC from https://notepad-plus-plus.org/downloads/.
(3) Copy/Paste the file from the post above into Notepad++.
Go into Edit->EOL Conversion of Notepad++, and choose "unix". It will gray out that option when you do that (a somewhat non-intuitive way of marking the selection). This is a very important step, so make sure you get this right.
Then save the file as Virtual.conf directly to a share on the NAS. Let's call that share "sharename", and assume it is on the C volume for now.
(4) Now access the NAS using SSH. Use root for the username, and the NAS admin password. If you are using windows 10, then you can do this by entering
ssh root@nas-ip-addess
from the windows search bar (using the real NAS ip address of course). Windows will ask if you want to proceed (something also about saving the fingerprint).
I'm not a Mac owner, but I believe you can also enter this same command into terminal.
Either way, you'll get a prompt for the password after you enter this command - as I said earlier use the NAS admin password.
(5) Once in, you need to copy Virtual.Conf to the destination folder. The steps below save the original file, and keep a separate copy of the changed file in the destination folder. The last command makes sure the owner/group is preserved.
cd /etc/frontview/apache cp /c/sharename/Virtual.conf Virtual.conf.mod mv Virtual.conf Virtual.conf.orig cp Virtual.conf.mod Virtual.conf chown admin:admin Virtual.conf*
using the real sharename you stored the file to in step 3. Of course substitute the real volume if you are using flexraid (and didn't put it o the c volume).
Reboot the NAS, and it should connect to Frontview with current browsers when you enter http://nas-ip-address/admin
You can alternatively just restart Frontview:
/etc/init.d/frontview restart
Note if this fails to connect (even with IE or the older firefox), you can still get into the NAS with ssh, and troubleshoot from there.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
Awesome thread StephenB! I have old IE11 but I still had to go through the dreaded "ARE YOU CERTAIN!!!" page and now it just works!
I used vi to edit the Virtual.conf file after making a cp Virtual.conf Virtual.conf.orig and it was pretty straightforward, except that I did a vi :help and then didn't know how to kill it (instead I just ended the session).
Anyway this has been a long-standing bug in my ear and I thank you for making it go away!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
Comment for dummies by a dummy
My goal is to implement above change , my NAS is locally not accessable from outside.
It is hard to determine which version you have , look at the status screen in frontview. Firmware: RAIDiator 4.1.16 > no update available. It was the first time I used these tools.
Enable Root SSH Access
https://kb.netgear.com/24546/Add-ons-for-RAIDiator-4-1-3-Sparc
Download Putty
https://www.putty.org/ remark : I used settings as is
Useful Putty commands
https://www.puttygen.com/putty-commands
remark : login with "root" with your admin password
Start with small steps if you are not familiar with Putty and start with copy the Virtual.conf into Virtual.conf.orig
Work with editor in Putty
https://www.guru99.com/the-vi-editor.html#5 ( gives info about save, quit, discard)
vers=2
<VirtualHost _default_:80>
SSLEngine off
# Eliminate HTTPS rewrite
# RewriteEngine on
# RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]
# RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
# End Eliminate HTTPS rewrite
</VirtualHost>
With the "#" you declare the line as text , looks further harmless to me.
Restart the NAS via your old firefox browser or simple unplug the mains and reconnect. After that it might take several hours before NAS is up and running.
Remark: I didn’t use the notepad++, Putty is more straight forward.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
Thx for your comments - I'm glad you were able to implement the workaround.
@robmetdemotor wrote:
Remark: I didn’t use the notepad++, Putty is more straight forward.
Just to be clear - you used vi as your editor instead of notepad++.
That's of course fine if you are comfortable with it. I went with notepad++ because I thought it would be more intuitive for people who weren't familiar with line editors.
FWIW, Putty is a good tool, but windows 10 and mac users can also use the built in ssh support (as I indicated in my guide). So most users won't need to download it.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
Note the 4.2.x add-on is currently failing on systems with atom processors (for instance Ultras).
Those systems can be converted OS-6, which IMO is a better path forward.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
No doubt, but I didn't manage to connect notepad++ to the NAS. Probably my lack of knowledge.
Perhaps someone can wrap up the whole procedure , review, rewrite
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
@robmetdemotor wrote:
No doubt, but I didn't manage to connect notepad++ to the NAS. Probably my lack of knowledge.
Perhaps someone can wrap up the whole procedure , review, rewrite
The idea was to copy the file into Notepad++ from the post. Then save it to a share (accessing the share with SMB as usual). Then copy to the correct location using ssh.
I believe this was already clearly stated in my guide:
...
Then install notepad++ on the PC from https://notepad-plus-plus.org/downloads/.
(3) Copy/Paste the file from the post above into Notepad++.
Go into settings->EOL Conversion of Notepad++, and choose "unix". It will gray out that option when you do that (a somewhat non-intuitive way of marking the selection). This is a very important step, so make sure you get this right.
Then save the file as Virtual.conf directly to a share on the NAS. Let's call that share "sharename", and assume it is on the C volume for now.
...
(5) Once in, you need to copy Virtual.Conf to the destination folder. The steps below save the original file, and keep a separate copy of the changed file in the destination folder. The last command makes sure the owner/group is preserved.
cd /etc/frontview/apache cp /c/sharename/Virtual.conf Virtual.conf.mod mv Virtual.conf Virtual.conf.orig cp Virtual.conf.mod Virtual.conf chown admin:admin Virtual.conf*using the real sharename you stored the file to in step 3. Of course substitute the real volume if you are using flexraid (and didn't put it onto the c volume).
If you have specific text suggestions for that guide, please let me know what they are.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
Hi I have firmware 4.2.31 and also get this access problem because of TLS version
Is it not possible to add an old TLS to the computer?
Is your solution working for 4.2.31?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
@2lkopp wrote:
Hi I have firmware 4.2.31 and also get this access problem because of TLS version
Is it not possible to add an old TLS to the computer?
Is your solution working for 4.2.31?
Most 4.2.31 systems can be converted to OS-6 (which solves the problem).
There is also an add-on for 4.2.31 (which is now working) here: https://rnxtras.com/
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
I have a ReadyNas Ultra with 6 slots running FW 4.2.31 and would like to reach the webGUI again..
Found what sounds to be the sollution but have a quiestn, probably a stupid one, regarding the add-on from rnxtras for 4.2.31 to fix the TLS
Are all the files in the debs folder needed, even the ones marked
Fix libc6 problem with Atom CPUS
I was unsure if its only the ones marked
TLSv1.2 update for ReadyNAS OS 4.2.x (x86)
And how would i do a backup easiest of what im about to apply...?
Thanks!
Stefan
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
StephenB writes that its possible to converted OS-6 for Ultra systems.
Is there some instruction for this?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
@styrbiorn wrote:
I have a ReadyNas Ultra with 6 slots running FW 4.2.31 and would like to reach the webGUI again..
Found what sounds to be the sollution but have a quiestn, probably a stupid one, regarding the add-on from rnxtras for 4.2.31 to fix the TLS
Are all the files in the debs folder needed, even the ones marked
Just download and install the bin file as an add-on. https://github.com/rdynsxtrs/rn4bin/blob/main/apache2/x86/Apache2_2.2.34-x86-0.2.0.bin
You might get an error at the end of the install - if you do, just reboot anyway, and then make sure you can get in with https.
@styrbiorn wrote:
And how would i do a backup easiest of what im about to apply...?
Not sure what exactly you want to back up.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
@styrbiorn wrote:
StephenB writes that its possible to converted OS-6 for Ultra systems.
Is there some instruction for this?
Yes. For instance here: https://community.netgear.com/t5/ReadyNAS-Storage-Apps-Old-Legacy/I-own-a-ReadyNas-pro-4-can-it-be-u...
I definitely recommend upgrading the Ultra's Ram to 2 GB before conversion. Note the process requires reformatting the disks, so you do need to back up your data first, and restore it after conversion.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
Problem is I cant get in via GUI, only SSH. But i guess I'll try the "old browser"-way first then.
What I wanted to backup was the files being changed.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
@styrbiorn wrote:
Problem is I cant get in via GUI, only SSH. But i guess I'll try the "old browser"-way first then.
Yes. Or internet explorer if you use a Windows PC.
@styrbiorn wrote:
What I wanted to backup was the files being changed.
I'm not sure what the add-on changes.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error typically happens on older operating systems or browsers.
But that is not always the case. In fact, we just recently encountered a user having this issue on their WordPress site who was migrating to Kinsta from another host. We were, of course, running the latest version of Chrome, so the issue was with their SSL certificate. Chrome is actually protecting you by not letting you load it.
You might also see a variation of the error, such as:
- Error 113 (net::err_ssl_version_or_cipher_mismatch): unknown error
- The client and server don’t support a common SSL protocol version or cipher suite
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
@bekzclz11 wrote:
The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error typically happens on older operating systems or browsers.
Not true. It's happening with current Chrome/Edge/Firefox on any OS. Probably current Safari also, but I haven't checked that.
Older browsers might give cert errors, but not this particular error. This is about browsers dropping support for TLS 1.0/1.1, and requiring TLS 1.2. It has nothing to do with certs. It's because the older ReadyNAS don't have TLS 1.2.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
There are a couple Mistakes I should correct here.
First thing is the Contents of Virtual.conf.
The very first line should be Commented out.
instead of vers=2 it should be this
#vers=2
Second is when you copy the new Virtual.conf to the directoy you copied it as Virtual.conf.mod you renamed the original one to .Virtual.conf.orig and then copied the backup as the original Virtual.conf.
what should of been done was this:
cd /etc/frontview/apache
cp /c/sharename/Virtual.conf Virtual.conf.mod
mv Virtual.conf Virtual.conf.orig
cp Virtual.conf.mod Virtual.conf
chown admin:admin Virtual.conf*
Lastly there is actually no need to reboot the unit. You can restart the Frontend web service by executing this command:
/etc/init.d/frontview restart
Failure to comment out the first line will result in this error code:
Stopping frontview: apache-sslStarting frontview: apache-sslSyntax error on line 1 of /etc/frontview/apache/Virtual.conf:
Invalid command 'vers=2', perhaps misspelled or defined by a module not included in the server configuration
If everything done correctly you should see this output when you run the command to restart the frontend WebUI:
Stopping frontview: apache-sslStarting frontview: apache-sslapache-ssl: Could not reliably determine the server's fully qualified domain name, using {Redacted IP} for ServerName
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
@adamwbb: Thanks for reviewing this, and posting the corrections.
I've changed the first two in the original posts.
The third isn't really a mistake - since unlike the other two, rebooting the NAS works. It's really an optimization.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
Implemented change okay, but now getting connection request refured, cleared cache reinstalled chrome , checked firewall all okay , any ideas I could try?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
@sonvolt99 wrote:
Implemented change okay, but now getting connection request refured, cleared cache reinstalled chrome , checked firewall all okay , any ideas I could try?
What NAS model and what firmware is it running? Did you install one of the two add-ons or did you edit virtual.conf?