Attempt to login to USG100, Chrome reports ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Options
AWUSupport
AWUSupport Posts: 43  Freshman Member
First Anniversary 10 Comments Friend Collector
When we attempt to login to 2 separate USG100 devices with latest version of Google Chrome we get the following error:

This site can’t provide a secure connection

192.168.1.1 uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Hide details
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.

Followed suggestions detailed here however no difference, same error: 
https://community.zyxel.com/en/discussion/1920/attempt-to-login-to-usg40-chrome-reports-err-ssl-version-or-cipher-mismatch

Curious thing is we can access a USG20W using same browser Chrome from same workstation (Win11 Pro) and no errors - so identical Internet Options, Chrome settings, etc. We believe it must be a different setting on the USG40W compared to USG100 causing this.

Anyone have any ideas?

Best Answers

  • Fred_77
    Fred_77 Posts: 115  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options
    Hi,
    fw 3.30 AQQ.7 WK48 solve this issue

    Fred
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,100  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited December 2022 Answer ✓
    Options
    Hi @AWUSupport

    Firmware of both USG100: 3.30(AQQ.7) / 1.13 / 2015-01-13 16:30:24

    PC OS: Windows 11 Pro, latest release
    Chrome Version: Version 108.0.5359.125 (Official Build) (64-bit)
    Chrome Incognito mode: still same error, as per screen capture below

    Other Browsers: can use Edge in IE Mode to login to USG100. Google Chrome is preferred browser.

    Screen capture:
    Thanks for your update. Because USG100 is an EOL legacy device, users can use the Edge browser in IE Mode to login to USG100 for a workaround solution.  The user could follow the below procedures to login to USG100, thanks.

    STEP1. Enter the USG100 login page via the Edge browser and reload the page in IE mode.


    STEP2. Then can enter the device login page.

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,100  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options
    Hello @AWUSupport

    The reason is their TLS version is different.  The TLS version of the ZyWalll USG100 is V1 but the TLS version of the ZyWalll USG20W is V1.2. Once the browser doesn't support the TLS V1 connection and would show the below information.



    I captured the packet at my lab site, please refer to the below results:

    It was captured from ZyWall USG 100.


    It was captured from ZyWall USG 20W.


    Thanks.
«13

All Replies

  • AWUSupport
    AWUSupport Posts: 43  Freshman Member
    First Anniversary 10 Comments Friend Collector
    edited December 2022
    Options
    Further details ... exactly same settings in both USG100's and USG20W. 

    Router# show ip http server secure status
    active               : yes
    port                 : 443
    certificate          : default
    force redirect       : yes
    authentication client: no
    anti beast attack    : no
    strong cipher suite  : yes
    cipher suite         : rc4 aes des 3des
    sslv3 support        : no
    admin service control:
    No. Zone                 Address                          Action
    ==================================================
    user service control:
    No. Zone                 Address                          Action
    ==================================================
    Router#
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,100  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Could you share the screenshot of the error message "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" with us?
    What is the current firmware version of USG 100 and USG20W?
    What are your PC OS version and Chrome version?
    Have you ever tried to use Chrome with incognito mode to login to the USG100?
    Have you ever tried to use another browser such as Firefox, Edge, etc. to login to the USG100?
  • mMontana
    mMontana Posts: 1,338  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    The firmware is older than (redacted).
    IMVHO only IE in compatibility mode could access to that.
  • Fred_77
    Fred_77 Posts: 115  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options
    Hi,
    fw 3.30 AQQ.7 WK48 solve this issue

    Fred
  • AWUSupport
    AWUSupport Posts: 43  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    Could you share the screenshot of the error message "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" with us?
    What is the current firmware version of USG 100 and USG20W?
    What are your PC OS version and Chrome version?
    Have you ever tried to use Chrome with incognito mode to login to the USG100?
    Have you ever tried to use another browser such as Firefox, Edge, etc. to login to the USG100?
    Firmware of USG20W: 3.30(BDR.9) / 1.15 / 2016-11-22 10:05:22
    Firmware of both USG100: 3.30(AQQ.7) / 1.13 / 2015-01-13 16:30:24

    PC OS: Windows 11 Pro, latest release
    Chrome Version: Version 108.0.5359.125 (Official Build) (64-bit)
    Chrome Incognito mode: still same error, as per screen capture below

    Other Browsers: can use Edge in IE Mode to login to USG100. Google Chrome is preferred browser.

    Screen capture:

  • AWUSupport
    AWUSupport Posts: 43  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options
    Fred_77 said:
    Hi,
    fw 3.30 AQQ.7 WK48 solve this issue

    Fred
    Hi Fred,

    Didn't realise any firmware for USG100 had been released since 2015, I had given up checking for these older models. Is this the download location you used: https://community.zyxel.com/en/discussion/4247/zywall-usg-series-v3-30p9-wk48-firmware-released

    Regards
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,100  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited December 2022 Answer ✓
    Options
    Hi @AWUSupport

    Firmware of both USG100: 3.30(AQQ.7) / 1.13 / 2015-01-13 16:30:24

    PC OS: Windows 11 Pro, latest release
    Chrome Version: Version 108.0.5359.125 (Official Build) (64-bit)
    Chrome Incognito mode: still same error, as per screen capture below

    Other Browsers: can use Edge in IE Mode to login to USG100. Google Chrome is preferred browser.

    Screen capture:
    Thanks for your update. Because USG100 is an EOL legacy device, users can use the Edge browser in IE Mode to login to USG100 for a workaround solution.  The user could follow the below procedures to login to USG100, thanks.

    STEP1. Enter the USG100 login page via the Edge browser and reload the page in IE mode.


    STEP2. Then can enter the device login page.

  • AWUSupport
    AWUSupport Posts: 43  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options
    Hi @AWUSupport

    Thanks for your update. Because USG100 is an EOL legacy device, users can use the Edge browser in IE Mode to login to USG100 for a workaround solution.  The user could follow the below procedures to login to USG100, thanks.


    Hi Jeff,

    I appreciate your feedback and yes as stated we have the USG100's accessible with Edge in IE mode.

    However, USG20W is same EOL legacy device as USG100, yet the USG20W is still accessible by our preferred browser Google Chrome. Is there any reason for for this as they are same family of legacy Zywalls?
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,100  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options
    Hello @AWUSupport

    The reason is their TLS version is different.  The TLS version of the ZyWalll USG100 is V1 but the TLS version of the ZyWalll USG20W is V1.2. Once the browser doesn't support the TLS V1 connection and would show the below information.



    I captured the packet at my lab site, please refer to the below results:

    It was captured from ZyWall USG 100.


    It was captured from ZyWall USG 20W.


    Thanks.
  • AWUSupport
    AWUSupport Posts: 43  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options
    Hello @AWUSupport

    The reason is their TLS version is different.  The TLS version of the ZyWalll USG100 is V1 but the TLS version of the ZyWalll USG20W is V1.2. Once the browser doesn't support the TLS V1 connection and would show the below information.

    Thanks Jeff, appreciate you checking out TLS versions on both. Who would have thought USG100 and USG20W would have differed with this - similar vintage original releases of both models back in the day.

    Looks like Edge and IE mode only option as we both agreed on, appreciate you clarifying.

Security Highlight