- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please Advise, I can not connect to ReadyNAS units from browsers, SSL error.
This started this morning, as I could connect fine yesterday.
Work arounds tried:
When I put in http adress, corrects to https and receive error
When tried compatability mode in IE, stll receive same error
Please advise as this is cripling my administration of almost a dozen units
Chrome Version 70.0.3538.77 (Official Build) (64-bit)
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.
Can not connect to:
ReadyNas 2304
ReadyNAS 314
ReadyNAS Ultra 2
Can connect to:
Internet Explorer 11 version 11.0.9600.19155 64-bit
This page can’t be displayed
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://192.168.1.28 again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.
Can not connect to:
ReadyNas 2304
ReadyNAS 314
Can connect to:
ReadyNAS Ultra 2
Firefox Quantum 63.0.1 (64-bit)
Secure Connection Failed
An error occurred during a connection to 192.168.1.19. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Can not connect to:
ReadyNas 2304
ReadyNAS 314
ReadyNAS Ultra 2
Can connect to:
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had the exact same issue as you have and tried similar things. Worth checking your antivirus. I've got Bitdefender, and it is causing the problem.
Under online threat prevention, there is a toggle for 'Encrypted Web Scan' flick that off and I was able to access as normal. I tried adding the address as an exception in Bitdefender but that didn't work.
Either way it would be nice if Netgear recognised that when Antivirus and browsers are all considering their remote access solution is unsafe it is probably a hint that they need to update things.
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
Firmware:
ReadyNAS 2304: v6.9.4(all units same version)
ReadtNAS 314: v6.9.4(all units same version)
Ultra2: v4.2.21, v4.2.21, v4.2.30
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
No change with additional steps:
Cleared browser cache(s)
cleared microsoft SSL state
Added as trusted site(s)
Cleared DNS (ipconfig /flushdns)
Excluded ipaddresses in antivirus
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
@M4RM wrote:
Internet Explorer 11 version 11.0.9600.19155 64-bit
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://192.168.1.28 again.
Did you try this?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
whoops, I missed listing this, that was one of the first thing I tried in IE - checked all 3 TLS
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
This seems odd to me, since I am not seeing this issue with any of my NAS (OS-6, OS 4.2, OS 4.1). I am also running Chrome Version 70.0.3538.102. The OS is Windows 10. My RN526 is running 6.9.3.
The Chrome security panel says
Connection - secure (strong TLS 1.2)The connection to this site is encrypted and authenticated using TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_128_GCM (a strong cipher)
The certificate is self-signed, so it is not trusted.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
I seem to have exactly the samne problem - did you find a fix?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
At the time, I found that I could connect via phone browser, and another computer (with same browser version) so everything was pointing at my computer. As I mentioned before I cleared cache, flushed DNS, etc all to no avail.
When I received your comment, I went back and tried again, and connected without any issue.
The only changes I see is a .net update on 11/14 (KB4459942) (I do not believe this to be the resolution as it was still not working on this date), and two microsoft windows security updates on Thursday 11/15 (KB4467107 and KB4459934). I did not make any other changes to get this working again.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had the exact same issue as you have and tried similar things. Worth checking your antivirus. I've got Bitdefender, and it is causing the problem.
Under online threat prevention, there is a toggle for 'Encrypted Web Scan' flick that off and I was able to access as normal. I tried adding the address as an exception in Bitdefender but that didn't work.
Either way it would be nice if Netgear recognised that when Antivirus and browsers are all considering their remote access solution is unsafe it is probably a hint that they need to update things.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
Many thanks for your help re Bitdefender and accessing my NAS drive.
Much appreciated.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
Thanks for the solution via Bitdefender. Worked for me after days of headscratching!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
@TikTok90 wrote:
Either way it would be nice if Netgear recognised that when Antivirus and browsers are all considering their remote access solution is unsafe it is probably a hint that they need to update things.
Impossible. This has not much to do with the browsers or Antivirus - much more these are randomly applied security policies some Internet "Security" products, without real documentation, and without considering simple solutions to keep compliance for legacy devices.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
@schumaku wrote:
Impossible. This has not much to do with the browsers or Antivirus - much more these are randomly applied security policies some Internet "Security" products, without real documentation, and without considering simple solutions to keep compliance for legacy devices.
I agree. Though perhaps providing a way to disable https in the OS-6 ReadyNAS might be good idea. The self-cert issues are getting more annoying over time, and https probably isn't needed for most home users.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
Removing or commenting out these lines in /etc/frontview/apache/http-redirect.conf allows HTTP access to the admin page.
RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L] RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
Of course, doing this removes encryption from the commands sent to the admin page, including user name and password. So it should only be done in cases where there is no access via the internet and all parties on the intranet are trusted.
Any additional consequences to removing these re-directs? .
They are also in /etc/default/config/etc/frontview/apache/http-redirect.conf, and I'm not sure what triggers copying the defaults back to the active directory. OS re-install, I suspect, but anything else?
I'm sure it would have to be re-done after an OS update unless there was a script that did it every time the system booted.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
@schumaku wrote:
Click on the HTTP bubble in the Web UI and tick allow admin access 8-)
I'd forgotten that setting. Yes, that does work (and of course you'd need to enable it anyway).
I also checked with 4.2.31. http://nas-ip-address/shares will connect as http, but http://nas-ip-address-admin/admin redirects to https.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
Yes, but if he couldn't get to the GUI to make that change, then my change via SSH gets past that obstacle. I suspect it's what the option in the GUI does, anyway.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
@Sandshark wrote:
Yes, but if he couldn't get to the GUI to make that change, then my change via SSH gets past that obstacle. I suspect it's what the option in the GUI does, anyway.
Of course you do need to get into the GUI to make the change. Using your method would allow that, and following up with the GUI change would ensure it is sticky.
But if you aren't forwarding https to the NAS in your router and don't have ssh enabled, then it might be smart to change the setting preemptively - eliminating any chance of seeing this issue later on. However, it does give you an unencrypted browser connection, so the NAS password, etc would be visible to anything doing a network trace. So you do need to be thoughtful about the security implications.
It'd be interesting to see if your change also works with the legacy NAS, since their GUIs don't let you specify http.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
I believe you can do something similar on the legacy NASes, at least those running 4.x. I had added a lot to the apache .conf files when I was running one and think it's there, maybe in a different file. I'll take a look on my virtual machine and let you know.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
Great answer! Worked like a charm for me.
Thank you TikTok90!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
In OS4.2.28 (which is what's on my virtual machine), the rewrite rules that control this are in /etc/frontview/apache/Virtual.conf. Tested it on my VM and it works. Typically, 4.1.x and 4.2.x follow similar structures, so I expect that's the same location for the SPARC units. It's likely in a similar location on OS 5.x.