This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
After those findings I wonder if it would still be possible to access the RN214 in the network using SMB (SMB3 Transport Encryption is disabled), HTTP(S), SSH and FTP using the Windows machine after the aforementioned update? Migration to Linux Mint (or any other more modern OS) is not an option yet.
Removes legacy TLS 1.0 and 1.1 support from the ReadyNAS device’s embedded web server.
Starting here - commonly used browsers have already removed support for TLS 1.0/TLS 1.1. Those include Chrome, Firefox, and Safari. Edge will only use TLS 1.0/TLS 1.1 when configured to use "IE mode". Internet Explorer still supports legacy TLS for now.
Since the browsers have already removed them, there was no need to keep those protocols in the ReadyNAS web server anymore. As they likely would show up as security vulnerabilities at some point, Netgear decided to remove them.
After those findings I wonder if it would still be possible to access the RN214 in the network using SMB (SMB3 Transport Encryption is disabled), HTTP(S), SSH and FTP using the Windows machine after the aforementioned update?
All of these work with my Windows 10 machine. I'm not running Windows 7 anymore, but they should run there also.
If you are using a recent version of Chrome, then you will need to click on the three dots on the right of the address bar. Then select "more tools" and then "developer tools". You will see an intimidating debugging window pop up. If you don't see "security" along the top (the row that starts with "elements", then click on the >> in that row. Then select Security. That screen is straightforward, and you should be able to easily find the TLS version you are using.
Removes legacy TLS 1.0 and 1.1 support from the ReadyNAS device’s embedded web server.
Starting here - commonly used browsers have already removed support for TLS 1.0/TLS 1.1. Those include Chrome, Firefox, and Safari. Edge will only use TLS 1.0/TLS 1.1 when configured to use "IE mode". Internet Explorer still supports legacy TLS for now.
Since the browsers have already removed them, there was no need to keep those protocols in the ReadyNAS web server anymore. As they likely would show up as security vulnerabilities at some point, Netgear decided to remove them.
After those findings I wonder if it would still be possible to access the RN214 in the network using SMB (SMB3 Transport Encryption is disabled), HTTP(S), SSH and FTP using the Windows machine after the aforementioned update?
All of these work with my Windows 10 machine. I'm not running Windows 7 anymore, but they should run there also.
If you are using a recent version of Chrome, then you will need to click on the three dots on the right of the address bar. Then select "more tools" and then "developer tools". You will see an intimidating debugging window pop up. If you don't see "security" along the top (the row that starts with "elements", then click on the >> in that row. Then select Security. That screen is straightforward, and you should be able to easily find the TLS version you are using.
Removes legacy TLS 1.0 and 1.1 support from the ReadyNAS device’s embedded web server.
Starting here - commonly used browsers have already removed support for TLS 1.0/TLS 1.1.
Using Chrome 103.0.5060.114 (64-bit), security tab of the developer tools for HTTPS/TLS secured pages shows authentication using TLS 1.2, ECDHE_RSA with X25519 and CACHA20_POLY1305. So obviously browsing RN214 HTML pages with TLS 1.0 and 1.1 removed should not be a problem.
Are you seeing a specific error that suggests that TLS 1.2 failed? Failure of your email client to connect doesn't seem very definitive.
I simply was not able to connect to the POP3S/SSMTP server anymore. With the old version of the mail client, it was possible. Changing the protocol to insecure POP3/SMTP on ports 25/110 instead still worked fine. Now that my e-mail provider ditched TLS 1.0 and 1.1 too, even my old client does not work with POP3S/SSMTP, so I'll stick with unencrypted transmission for now. But probably the mail client was trying to use the operating system's implementation of TLS 1.2 (or the lack thereof).
So I was wondering if there could be an issue with accessing the RN214's website (should not be the case, as Chrome can access other websites via TLS 1.2 as well) or if there are problems ahead using SMB, SSH or any of the other protocols to access RN214's resources that might be using TLS underneath the surface.
I'm no expert in these things, so honestly couldn't tell. Sure there still is the possibility to try an upgrade and then downgrade again if something doesn't work, but I'd rather like to spare myself the hassle.
Are you seeing a specific error that suggests that TLS 1.2 failed? Failure of your email client to connect doesn't seem very definitive.
I simply was not able to connect to the POP3S/SSMTP server anymore. With the old version of the mail client, it was possible. Changing the protocol to insecure POP3/SMTP on ports 25/110 instead still worked fine.
Did you try using TLS with both ports 465 and 587?
Are you seeing a specific error that suggests that TLS 1.2 failed? Failure of your email client to connect doesn't seem very definitive.
I simply was not able to connect to the POP3S/SSMTP server anymore. With the old version of the mail client, it was possible. Changing the protocol to insecure POP3/SMTP on ports 25/110 instead still worked fine.
Did you try using TLS with both ports 465 and 587?
My MTA expects POP3 to be "Secure to dedicated port (TLS)" with the port being 995. Out of interest I tried the two ports you recommend. The reply was:
I consider that clear enough a clue that the culprit is about abandoning TLS 1.0 and 1.1 which is probably the only protocol my old fashioned MUA understands. Upgrading to a more modern version also gave me errors, this time probably on OS level.
I'll ditch Windows 7 sooner or later and will migrate to Linux Mint Mate. It takes some fiddling but most of the stuff just works, including Wine. Just wanted to know if it is safe to upgrade my RN214 to 6.10.8 or if I'll lock myself out with Windows 7 which would be quite a bummer. But as it seems, at least HTTP is going to work, so if I experience issues with SMB and SSH, I can downgrade again.
Are you seeing a specific error that suggests that TLS 1.2 failed? Failure of your email client to connect doesn't seem very definitive.
I simply was not able to connect to the POP3S/SSMTP server anymore. With the old version of the mail client, it was possible. Changing the protocol to insecure POP3/SMTP on ports 25/110 instead still worked fine.
Did you try using TLS with both ports 465 and 587?
My MTA expects POP3 to be "Secure to dedicated port (TLS)" with the port being 995. Out of interest I tried the two ports you recommend. The reply was:
