Reply

Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

sonvolt99
Tutor

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

Hi Stephen,

Its a NAS Duo V1 running the 4.1.17 mod https://community.netgear.com/t5/forums/replypage/board-id/readynas-general/message-id/47827
, which I use to backup my Unraid self built NAS. I edited virtual.conf (both) the one in etc/frontview/apache
and one in etc/default/etc/frontview/apache.
The change worked as I no longer get the error ssl msg and got the correct response when I restarted frontview.
Since I only use it as a backup it's not a bit deal as I power it on once a week run a RSYNC from my Unraid server then
power off backup NAS with a curl script. I've tried chrome/edge & firefox all the same this site can't be reached refused to connect.

Cheers
Ken

Message 26 of 37
sonvolt99
Tutor

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

Message 27 of 37
StephenB
Guru

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)


@sonvolt99 wrote:

I've tried chrome/edge & firefox all the same this site can't be reached refused to connect.


Have you tried using ssh, and then looking at the logs?  Maybe also try restarting apache and see what happens.

Message 28 of 37
SamirD
Prodigy

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

The easiest solution I've found for accessing older browser based devices is to simply use a portable version of the older browser it requires.  Firefox 52 ESR 32-bit has done well for me for all these including  both my Netgear NAS units.

Message 29 of 37
sonvolt99
Tutor

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

Yes have rebooted unit,  can ssh ok, odd but since making the change my curl script to shutdown Netgear NAS stopped working.
reverted to original scripts and back to normal with SSL error bur Curl script works again , downloaded an earlier version of Firefox and enabled TLS for access to admin frontview.
Will play about to try and resolve when I have more time.
Cheers

Message 30 of 37
StephenB
Guru

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)


@sonvolt99 wrote:

Yes have rebooted unit,  can ssh ok, odd but since making the change my curl script to shutdown Netgear NAS stopped working.


Maybe post the curl script you are using?

 

All the change to virtual.conf does is eliminate any redirection from http to https.  If the curl script is already specifying https, then that should continue to work as before (still using https/tls). 

 

If the curlscript is using https, I guess you could try changing it to http, and see if that resolves it.

Message 31 of 37
sonvolt99
Tutor

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

Will give it a try but wont be till next week as working all weekend,    curl script is using https 

Message 32 of 37
Sbyd
Aspirant

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

I am setting up disk in Windows 10 and I cannot connect to the internet on the network. Orange lights on the NAS plug are on. Browsers are blocking access. nur works offline. this is a problem with the SMB protocol and certificates. The software is up-to-date (5.3).

Message 33 of 37
efgtest
Aspirant

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

ReadyNAS RND2000 v?

If you do NOT have a Linux go to STEP 4, for the step by step NAS configuration.

ALWAYS  SAVE A COPY OF THE ORIGINAL FILE. 

 

Step by Step:  For those who have a Linux PC. (Fedora version) 

STEP 1: First you have to login as Root. (Open the "Terminal") and use the "su" command

at the command line: eg: [yourname@fedora~]$ su (Press Enter)

(Enter your root password. (This step is necessary because you are going to use SSH to connect to your NAS as "Root" user.) 

STEP 2: Start the SSH session :eg: root@Fedora mike ]# ssh (Enter)

The problem is : You can NOT connect with SSH because of the same problem. you will get an error like: "  

Unable to negotiate ....no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

To fix this problem first, you have to modify the SSH config file at: etc/ssh and add a new command. "a new rule"

At prompt enter : cd /etc/ssh  then open the file "ssh_config" with "vi" then add 

one commend line  WITHOUT the "hashtag" (#) KeyAlorithms  diffie-helmman etc (the bold line)

Example: (The Bold line)

 # etc....

# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
# This system is following system-wide crypto policy.
# etc ....

 

And now save the file.!!!! (Always good to save a copy of the original ssh_config file!!!!)

STEP 3: Now you can connect to the NAS via SSH

at the prompt connect to your NAS by using the SSH command

eg: root@fedora mike]# ssh 192.168.1.200 (enter)  (Enter "yes" to accept the first time key exchange)

   

== ====AND NOW YOU ARE CONNECTED TO YOUR NAS via SSH as Root user ===

The prompt will change into something like this: 

example:  name_of_your_NAS:~# 

 STEP 4: (Modify the Virtual.conf file)

Enter cd /etc/frontview/apache/ (The directory where the "Virtual.conf" file is located

use the "ls" command to view the files if necessary. 

open this file with "vi" command. (vi Virtual.conf) [with Capital "V" !!!!]

it will look like this: 

#vers=2
<VirtualHost _default_:80>
SSLEngine off
RewriteEngine on
RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]
</VirtualHost>

 

Make ALL the Bold lines a comment or "deactivate" them by adding the "#" 

<VirtualHost _default_:80>
SSLEngine off

#Start here

#RewriteEngine on
#RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
#RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]

#end here
</VirtualHost>

 

The "Start here" and "End here" are some extra comments to help you remember what you did. 

Safe the file and reboot your NAS and now you can connect without any problem. Remember it is not a secure connection! 

 

 

I hope there will a new firmware update soon  😉

 

 

Message 34 of 37
StephenB
Guru

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)


@efgtest wrote:

ReadyNAS RND2000 v?

 

Step by Step:  For those who have a Linux PC. (Fedora version) 

 


Thanks for the addition about changing the ssh config on a linux PC.  FWIW, that isn't required with Windows at this point.

 

If you have a Duo v2 - which says "ReadyNAS Duo v2" on the front panel - then I suggest using an old browser version, and installing the rnxtras add-on first.  That enables TLS 1.2 on the Duo.  If you still want to eliminate the https redirection for some reason, you can proceed with doing that.

 

Step 4 is already described in the earlier step by step (other than the use of vi).

 


@efgtest wrote:

I hope there will a new firmware update soon

 


I don't think that will ever happen.  Netgear said there would be no more updates for these models in September 2016.  They did provide one more after that in response to WannaCry in May 2017. But I think it's pretty clear they are done now - it's been 9 years since they stopping manufacturing them.

 

Message 35 of 37
saudade
Aspirant

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

Just wanted to thank everyone for their contribution. 

 

I had to bring my Duo (4.1.16) back online to backup my now EOL WD EX4.  The SSL issue was driving me NUTS!!  I could only use Firefox as it prompted me to "turn back or proceed" unlike the other browsers (Chrome, Edge, Opera).   I figured it was only a matter of time until FF went all Suzy Orman on me, DENIED!!  (look her up if you don't get it).

 

Scary part was installing the root ssh access bin file but it went smoothly.  Once I had access, the rest was easy.  I did copy/paste the text for the conf file and didn't realize it had a typo in it.  The typo was corrected in a later post but I was too anxious to get this done.  The Duo didn't like it, but reading further I found the correction, made the correction, and now it connects fine with Chrome, FF, Opera, and Edge.

 

Once again, many thanks!!!

 

S

Message 36 of 37
sonvolt99
Tutor

Re: Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)

Reapplied this change when I replaced my  1.5 TB disk with a 2TB one to match the other disk , change worked fine this time so not sure what i screwed up last time. 

Thanks again stephen

Message 37 of 37
Top Contributors
Discussion stats
  • 36 replies
  • 12924 views
  • 12 kudos
  • 14 in conversation
Announcements