This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
Please Advise, I can not connect to ReadyNAS units from browsers, SSL error.
This started this morning, as I could connect fine yesterday.
Work arounds tried:
When I put in http adress, corrects to https and receive error
When tried compatability mode in IE, stll receive same error
Please advise as this is cripling my administration of almost a dozen units
Chrome Version 70.0.3538.77 (Official Build) (64-bit)
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.
Can not connect to:
ReadyNas 2304
ReadyNAS 314
ReadyNAS Ultra 2
Can connect to:
Internet Explorer 11 version 11.0.9600.19155 64-bit
This page can’t be displayed
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://192.168.1.28 again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.
Can not connect to:
ReadyNas 2304
ReadyNAS 314
Can connect to:
ReadyNAS Ultra 2
Firefox Quantum 63.0.1 (64-bit)
Secure Connection Failed
An error occurred during a connection to 192.168.1.19. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
I had the exact same issue as you have and tried similar things. Worth checking your antivirus. I've got Bitdefender, and it is causing the problem.
Under online threat prevention, there is a toggle for 'Encrypted Web Scan' flick that off and I was able to access as normal. I tried adding the address as an exception in Bitdefender but that didn't work.
Either way it would be nice if Netgear recognised that when Antivirus and browsers are all considering their remote access solution is unsafe it is probably a hint that they need to update things.
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
This seems odd to me, since I am not seeing this issue with any of my NAS (OS-6, OS 4.2, OS 4.1). I am also running Chrome Version 70.0.3538.102. The OS is Windows 10. My RN526 is running 6.9.3.
The Chrome security panel says
Connection - secure (strong TLS 1.2)
The connection to this site is encrypted and authenticated using TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_128_GCM (a strong cipher)
The certificate is self-signed, so it is not trusted.
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
At the time, I found that I could connect via phone browser, and another computer (with same browser version) so everything was pointing at my computer. As I mentioned before I cleared cache, flushed DNS, etc all to no avail.
When I received your comment, I went back and tried again, and connected without any issue.
The only changes I see is a .net update on 11/14 (KB4459942) (I do not believe this to be the resolution as it was still not working on this date), and two microsoft windows security updates on Thursday 11/15 (KB4467107 and KB4459934). I did not make any other changes to get this working again.
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
I had the exact same issue as you have and tried similar things. Worth checking your antivirus. I've got Bitdefender, and it is causing the problem.
Under online threat prevention, there is a toggle for 'Encrypted Web Scan' flick that off and I was able to access as normal. I tried adding the address as an exception in Bitdefender but that didn't work.
Either way it would be nice if Netgear recognised that when Antivirus and browsers are all considering their remote access solution is unsafe it is probably a hint that they need to update things.
Either way it would be nice if Netgear recognised that when Antivirus and browsers are all considering their remote access solution is unsafe it is probably a hint that they need to update things.
Impossible. This has not much to do with the browsers or Antivirus - much more these are randomly applied security policies some Internet "Security" products, without real documentation, and without considering simple solutions to keep compliance for legacy devices.
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
@schumaku wrote: Impossible. This has not much to do with the browsers or Antivirus - much more these are randomly applied security policies some Internet "Security" products, without real documentation, and without considering simple solutions to keep compliance for legacy devices.
I agree. Though perhaps providing a way to disable https in the OS-6 ReadyNAS might be good idea. The self-cert issues are getting more annoying over time, and https probably isn't needed for most home users.
Of course, doing this removes encryption from the commands sent to the admin page, including user name and password. So it should only be done in cases where there is no access via the internet and all parties on the intranet are trusted.
Any additional consequences to removing these re-directs? .
They are also in /etc/default/config/etc/frontview/apache/http-redirect.conf, and I'm not sure what triggers copying the defaults back to the active directory. OS re-install, I suspect, but anything else?
I'm sure it would have to be re-done after an OS update unless there was a script that did it every time the system booted.
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
Strange, can access both ReadyNAS here (tend to state since ever, one since the early OS6 Beta days) without any hack. Click on the HTTP bubble in the Web UI and tick allow admin access 8-)
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
Yes, but if he couldn't get to the GUI to make that change, then my change via SSH gets past that obstacle. I suspect it's what the option in the GUI does, anyway.
Yes, but if he couldn't get to the GUI to make that change, then my change via SSH gets past that obstacle. I suspect it's what the option in the GUI does, anyway.
Of course you do need to get into the GUI to make the change. Using your method would allow that, and following up with the GUI change would ensure it is sticky.
But if you aren't forwarding https to the NAS in your router and don't have ssh enabled, then it might be smart to change the setting preemptively - eliminating any chance of seeing this issue later on. However, it does give you an unencrypted browser connection, so the NAS password, etc would be visible to anything doing a network trace. So you do need to be thoughtful about the security implications.
It'd be interesting to see if your change also works with the legacy NAS, since their GUIs don't let you specify http.
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
I believe you can do something similar on the legacy NASes, at least those running 4.x. I had added a lot to the apache .conf files when I was running one and think it's there, maybe in a different file. I'll take a look on my virtual machine and let you know.
Re: Can not connect to ReadyNAS via Browser(s) SSL CIPHER errors
In OS4.2.28 (which is what's on my virtual machine), the rewrite rules that control this are in /etc/frontview/apache/Virtual.conf. Tested it on my VM and it works. Typically, 4.1.x and 4.2.x follow similar structures, so I expect that's the same location for the SPARC units. It's likely in a similar location on OS 5.x.
