Reply

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

StephenB
Guru

Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

This workaround eliminates the redirection of http://nas-name-or-ip/admin to https://nas-name-or-ip/admin for NAS running 4.1.x firmware. It does require ssh to install.

 

Entering https://nas-name-or-ip/admin will still result in the mismatch error.  However entering http://nas-name-or-ip/admin will not.  Note this means that there is no encryption at all on the connection - so this is not something you want to deploy over the internet.

 

This change can coexist with a patch later on that installs TLS 1.2 (and of course it can be easily reversed).

 

The file that is modified is /etc/frontview/apache/Virtual.conf  All that is needed is to comment out the rewrite engine rules.  Changes are in blue.

#vers=2
<VirtualHost _default_:80>
  SSLEngine o# Eliminate HTTPS rewrite
  # RewriteEngine on
  # RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]
  # RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
  # End Eliminate HTTPS rewrite
</VirtualHost>

I suggest preserving the original as Virtual.conf.orig.  Reboot the NAS after updating the file.

 

If you copy this file on a Windows system, make sure you paste it into a tool that can save the file using Unix end-of-line convention (for instance, Notepad++). With Notepad++, set Edit->EOL Conversion to Unix (LF) before saving.

 

Note this is a simplified version of an earlier workaround posted by @irae  for 5.3.x (v2) NAS here:  https://community.netgear.com/t5/Using-your-ReadyNAS-in-Business/ReadyNAS-NV-V2-TLS-Support-may-not-...  @irae's version also disables SSL in httpd.conf  That might be needed in the v2 NAS, but isn't needed in 4.1.x systems.

 

Message 1 of 36
StephenB
Guru

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

Note that @WhoCares_ has released add-ons for TLS 1.2 support at https://rnxtras.com/

 

Right now those are only available for 4.2.x and 5.3.x systems, though perhaps 4.1.x will show up later.

Message 2 of 36
Sandshark
Sensei

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

Note that @WhoCares has the link wrong for the 4.2.x version.  It should be https://github.com/rdynsxtrs/rn4bin/tree/main/apache2/x86 .

Message 3 of 36
Sabedi
Aspirant

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

Thanks for this workaround - but could I ask how to do you actually make these changes step by step? I don't know how to access this to make the changes in BLUE that you've highlighted.

 

Message 4 of 36
StephenB
Guru

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)


@Sabedi wrote:

Thanks for this workaround - but could I ask how to do you actually make these changes step by step? I don't know how to access this to make the changes in BLUE that you've highlighted.

 


Here's one way.  As usual, you are at your own risk when using SSH to make mods to the NAS.  But if you have problems you can of course post here (I suggest using opening a different thread).

 

(1) First you need to regain access to Frontview, so you need to begin with either using Internet Explorer, IE mode in Edge, or a old version of a browser (for instance FireFox 94.0.2).

 

Note that if you are running 4.2.x or 5.3.x firmware, then you can install the add-on from www.rnxtras.com at this point.  That installs TLS 1.2 on those NAS, which is enough to give you access.   So you can stop at this point.

 

(2) For the 4.1.x systems,  you need to enable ssh access, using the Netgear Enable Root SSH Access add-on found here: https://kb.netgear.com/24546/Add-ons-for-RAIDiator-4-1-3-Sparc.

 

Then install notepad++ on the PC from https://notepad-plus-plus.org/downloads/.

 

(3) Copy/Paste the file from the post above into Notepad++. 

 

Go into Edit->EOL Conversion of Notepad++, and choose "unix".  It will gray out that option when you do that (a somewhat non-intuitive way of marking the selection).  This is a very important step, so make sure you get this right.

 

Then save the file as Virtual.conf directly to a share on the NAS.  Let's call that share "sharename", and assume it is on the C volume for now.

 

(4) Now access the NAS using SSH.  Use root for the username, and the NAS admin password.  If you are using windows 10, then you can do this by entering 

ssh root@nas-ip-addess

from the windows search bar (using the real NAS ip address of course). Windows will ask if you want to proceed (something also about saving the fingerprint). 

 

I'm not a Mac owner, but I believe you can also enter this same command into terminal.

 

Either way, you'll get a prompt for the password after you enter this command - as I said earlier use the NAS admin password.

 

(5) Once in, you need to copy Virtual.Conf to the destination folder.  The steps below save the original file, and keep a separate copy of the changed file in the destination folder.  The last command makes sure the owner/group is preserved.

cd /etc/frontview/apache
cp /c/sharename/Virtual.conf Virtual.conf.mod
mv Virtual.conf Virtual.conf.orig
cp Virtual.conf.mod Virtual.conf
chown admin:admin Virtual.conf*

using the real sharename you stored the file to in step 3.  Of course substitute the real volume if you are using flexraid (and didn't put it o the c volume).

 

Reboot the NAS, and it should connect to Frontview with current browsers when you enter http://nas-ip-address/admin

 

You can alternatively just restart Frontview:

/etc/init.d/frontview restart

 

Note if this fails to connect (even with IE or the older firefox), you can still get into the NAS with ssh, and troubleshoot from there.

Message 5 of 36
tomupnorth
Guide

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

Awesome thread StephenB! I have old IE11 but I still had to go through the dreaded "ARE YOU CERTAIN!!!" page and now it just works!

 

I used vi to edit the Virtual.conf file after making a cp Virtual.conf Virtual.conf.orig and it was pretty straightforward, except that I did a vi :help and then didn't know how to kill it (instead I just ended the session).

 

Anyway this has been a long-standing bug in my ear and I thank you for making it go away!

ReadyNAS NV+v1 RAIDiator 4.1.16
D7000v1 v1.0.1.78 VDSL2 Router
R6700v2 v1.2.0.88_1.0.1 in Bridge w/D7K's 5G
Message 6 of 36
robmetdemotor
Aspirant

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

Comment for dummies by a dummy

My goal is to implement above change , my NAS is locally not accessable from outside.

It is hard to determine which version you have , look at the status screen in frontview. Firmware: RAIDiator 4.1.16  > no update available.  It was the first time I used these tools.

 

Enable Root SSH Access

https://kb.netgear.com/24546/Add-ons-for-RAIDiator-4-1-3-Sparc

Download Putty

https://www.putty.org/  remark : I used settings as is

Useful Putty commands

https://www.puttygen.com/putty-commands

remark : login with "root" with your admin password

Start with small steps if you are not familiar with Putty and start with copy the Virtual.conf  into Virtual.conf.orig

Work with editor in Putty

https://www.guru99.com/the-vi-editor.html#5  ( gives info about save, quit, discard)

vers=2

<VirtualHost _default_:80>

  SSLEngine off

  # Eliminate HTTPS rewrite

  # RewriteEngine on

  # RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]

  # RewriteRule ^/admin$ https://%{SERVER_NAME}/admin

  # End Eliminate HTTPS rewrite

</VirtualHost>

With the "#" you declare the line as text , looks further harmless to me.
Restart the NAS via your old firefox browser or simple unplug the mains and reconnect. After that it might take several hours before NAS is up and running.

Remark: I didn’t use the notepad++, Putty is more straight forward.

Message 7 of 36
StephenB
Guru

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

Thx for your comments - I'm glad you were able to implement the workaround.

 


@robmetdemotor wrote:

 

Remark: I didn’t use the notepad++, Putty is more straight forward.


Just to be clear - you used vi as your editor instead of notepad++.  

 

That's of course fine if you are comfortable with it.  I went with notepad++ because I thought it would be more intuitive for people who weren't familiar with line editors.  

 

FWIW, Putty is a good tool, but windows 10 and mac users can also use the built in ssh support (as I indicated in my guide). So most users won't need to download it. 

Message 8 of 36
StephenB
Guru

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

Note the 4.2.x add-on is currently failing on systems with atom processors (for instance Ultras).  

 

Those systems can be converted OS-6, which IMO is a better path forward.  

 

 

Message 9 of 36
robmetdemotor
Aspirant

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

No doubt, but I didn't manage to connect notepad++ to the NAS. Probably my lack of knowledge.
Perhaps someone can wrap up the whole procedure , review, rewrite

Message 10 of 36
StephenB
Guru

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)


@robmetdemotor wrote:

No doubt, but I didn't manage to connect notepad++ to the NAS. Probably my lack of knowledge.
Perhaps someone can wrap up the whole procedure , review, rewrite


The idea was to copy the file into Notepad++ from the post.   Then save it to a share (accessing the share with SMB as usual).  Then copy to the correct location using ssh.

 

I believe this was already clearly stated in my guide:

...

Then install notepad++ on the PC from https://notepad-plus-plus.org/downloads/.

 

(3) Copy/Paste the file from the post above into Notepad++. 

 

Go into settings->EOL Conversion of Notepad++, and choose "unix".  It will gray out that option when you do that (a somewhat non-intuitive way of marking the selection).  This is a very important step, so make sure you get this right.

 

Then save the file as Virtual.conf directly to a share on the NAS.  Let's call that share "sharename", and assume it is on the C volume for now.

 

...

 

(5) Once in, you need to copy Virtual.Conf to the destination folder.  The steps below save the original file, and keep a separate copy of the changed file in the destination folder.  The last command makes sure the owner/group is preserved.

cd /etc/frontview/apache
cp /c/sharename/Virtual.conf Virtual.conf.mod
mv Virtual.conf Virtual.conf.orig
cp Virtual.conf.mod Virtual.conf
chown admin:admin Virtual.conf*

using the real sharename you stored the file to in step 3.  Of course substitute the real volume if you are using flexraid (and didn't put it onto the c volume).


If you have specific text suggestions for that guide, please let me know what they are.

Message 11 of 36
2lkopp
Aspirant

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

Hi I have firmware 4.2.31 and also get this access problem because of TLS version

Is it not possible to add an old TLS to the computer? 

Is your solution working for 4.2.31?

Message 12 of 36
StephenB
Guru

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)


@2lkopp wrote:

Hi I have firmware 4.2.31 and also get this access problem because of TLS version

Is it not possible to add an old TLS to the computer? 

Is your solution working for 4.2.31?


Most 4.2.31 systems can be converted to OS-6 (which solves the problem).

 

There is also an add-on for 4.2.31 (which is now working) here: https://rnxtras.com/

Message 13 of 36
styrbiorn
Aspirant

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

 

I have a ReadyNas Ultra with 6 slots running FW 4.2.31 and would like to reach the webGUI again..

Found what sounds to be the sollution but have a quiestn, probably a stupid one, regarding the add-on from rnxtras for 4.2.31 to fix the TLS 

 

Are all the files in the debs folder needed, even the ones marked 

Fix libc6 problem with Atom CPUS
I was unsure if its only the ones marked

TLSv1.2 update for ReadyNAS OS 4.2.x (x86)

 

And how would i do a backup easiest of what im about to apply...?

 

Thanks!

Stefan

Message 14 of 36
styrbiorn
Aspirant

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

StephenB writes that its possible to converted OS-6 for Ultra systems. 

Is there some instruction for this?

 

 

Message 15 of 36
StephenB
Guru

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)


@styrbiorn wrote:

 

I have a ReadyNas Ultra with 6 slots running FW 4.2.31 and would like to reach the webGUI again..

Found what sounds to be the sollution but have a quiestn, probably a stupid one, regarding the add-on from rnxtras for 4.2.31 to fix the TLS 

 

Are all the files in the debs folder needed, even the ones marked 

Just download and install the bin file as an add-on.  https://github.com/rdynsxtrs/rn4bin/blob/main/apache2/x86/Apache2_2.2.34-x86-0.2.0.bin

 

You might get an error at the end of the install - if you do, just reboot anyway, and then make sure you can get in with https.

 


@styrbiorn wrote:

 

And how would i do a backup easiest of what im about to apply...?

 


Not sure what exactly you want to back up.  

 

Message 16 of 36
StephenB
Guru

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)


@styrbiorn wrote:

StephenB writes that its possible to converted OS-6 for Ultra systems. 

Is there some instruction for this?

 


Yes.  For instance here: https://community.netgear.com/t5/ReadyNAS-Storage-Apps-Old-Legacy/I-own-a-ReadyNas-pro-4-can-it-be-u...

 

I definitely recommend upgrading the Ultra's Ram to 2 GB before conversion.  Note the process requires reformatting the disks, so you do need to back up your data first, and restore it after conversion.

Message 17 of 36
styrbiorn
Aspirant

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

Problem is I cant get in via GUI, only SSH. But i guess I'll try the "old browser"-way first then.

What I wanted to backup was the files being changed.

 

 

Message 18 of 36
StephenB
Guru

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)


@styrbiorn wrote:

Problem is I cant get in via GUI, only SSH. But i guess I'll try the "old browser"-way first then.

 


Yes.  Or internet explorer if you use a Windows PC.

 


@styrbiorn wrote:

 

What I wanted to backup was the files being changed.

 


I'm not sure what the add-on changes.

 

 

Message 19 of 36
bekzclz11
Aspirant

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error typically happens on older operating systems or browsers.

But that is not always the case. In fact, we just recently encountered a user having this issue on their WordPress site who was migrating to Kinsta from another host. We were, of course, running the latest version of Chrome, so the issue was with their SSL certificate. Chrome is actually protecting you by not letting you load it.

 

You might also see a variation of the error, such as:

  • Error 113 (net::err_ssl_version_or_cipher_mismatch): unknown error
  • The client and server don’t support a common SSL protocol version or cipher suite
Message 20 of 36
StephenB
Guru

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)


@bekzclz11 wrote:

The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error typically happens on older operating systems or browsers.

  •  

Not true.  It's happening with current Chrome/Edge/Firefox on any OS.  Probably current Safari also, but I haven't checked that.

 

Older browsers might give cert errors, but not this particular error.  This is about browsers dropping support for TLS 1.0/1.1, and requiring TLS 1.2.  It has nothing to do with certs.  It's because the older ReadyNAS don't have TLS 1.2.

Message 21 of 36
adamwbb
Aspirant

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

There are a couple Mistakes I should correct here.
First thing is the   Contents of Virtual.conf.
The very first line should be Commented out.
instead of  vers=2 it should be this

#vers=2

Second is when you  copy the  new Virtual.conf to the directoy you copied it as Virtual.conf.mod you  renamed the original one  to .Virtual.conf.orig  and then copied the backup as the original Virtual.conf.
what should of been done was this:

cd /etc/frontview/apache
cp /c/sharename/Virtual.conf Virtual.conf.mod
mv Virtual.conf Virtual.conf.orig
cp Virtual.conf.mod Virtual.conf
chown admin:admin Virtual.conf*

Lastly there is actually no need to reboot the unit. You can restart the Frontend web service by executing this command:

/etc/init.d/frontview restart

 Failure to comment out the first line will result in  this error code:

Stopping frontview: apache-sslStarting frontview: apache-sslSyntax error on line                                                               1 of /etc/frontview/apache/Virtual.conf:
Invalid command 'vers=2', perhaps misspelled or defined by a module not included                                                               in the server configuration

If everything done correctly you should see this output when you run the command to restart the frontend WebUI:

Stopping frontview: apache-sslStarting frontview: apache-sslapache-ssl: Could not reliably determine the server's fully qualified domain name, using {Redacted IP} for ServerName

 

Message 22 of 36
StephenB
Guru

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

@adamwbb: Thanks for reviewing this, and posting the corrections.

 

I've changed the first two in the original posts.

 

The third isn't really a mistake - since unlike the other two, rebooting the NAS works.  It's really an optimization.

Message 23 of 36
sonvolt99
Tutor

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

Implemented change okay, but now getting connection request refured, cleared cache reinstalled chrome , checked firewall all okay , any ideas I could try?

Message 24 of 36
StephenB
Guru

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)


@sonvolt99 wrote:

Implemented change okay, but now getting connection request refured, cleared cache reinstalled chrome , checked firewall all okay , any ideas I could try?


What NAS model and what firmware is it running?  Did you install one of the two add-ons or did you edit virtual.conf?

Message 25 of 36
Top Contributors
Discussion stats
  • 35 replies
  • 11387 views
  • 11 kudos
  • 14 in conversation
Announcements