Attempt to login to USG100, Chrome reports ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Options
AWUSupport
Posts: 43 
Freshman Member
Freshman Member
in Security
When we attempt to login to 2 separate USG100 devices with latest version of Google Chrome we get the following error:
This site can’t provide a secure connection
192.168.1.1 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Hide details
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.
Followed suggestions detailed here however no difference, same error:
https://community.zyxel.com/en/discussion/1920/attempt-to-login-to-usg40-chrome-reports-err-ssl-version-or-cipher-mismatch
Curious thing is we can access a USG20W using same browser Chrome from same workstation (Win11 Pro) and no errors - so identical Internet Options, Chrome settings, etc. We believe it must be a different setting on the USG40W compared to USG100 causing this.
Anyone have any ideas?
Followed suggestions detailed here however no difference, same error:
https://community.zyxel.com/en/discussion/1920/attempt-to-login-to-usg40-chrome-reports-err-ssl-version-or-cipher-mismatch
Curious thing is we can access a USG20W using same browser Chrome from same workstation (Win11 Pro) and no errors - so identical Internet Options, Chrome settings, etc. We believe it must be a different setting on the USG40W compared to USG100 causing this.
Anyone have any ideas?
0
Best Answers
-
Hi,
fw 3.30 AQQ.7 WK48 solve this issue
Fred1 -
Hi @AWUSupport
Thanks for your update. Because USG100 is an EOL legacy device, users can use the Edge browser in IE Mode to login to USG100 for a workaround solution. The user could follow the below procedures to login to USG100, thanks.Firmware of both USG100: 3.30(AQQ.7) / 1.13 / 2015-01-13 16:30:24
PC OS: Windows 11 Pro, latest release
Chrome Version: Version 108.0.5359.125 (Official Build) (64-bit)Chrome Incognito mode: still same error, as per screen capture below
Other Browsers: can use Edge in IE Mode to login to USG100. Google Chrome is preferred browser.
Screen capture:
STEP1. Enter the USG100 login page via the Edge browser and reload the page in IE mode.
STEP2. Then can enter the device login page.
0 -
Hello @AWUSupport
The reason is their TLS version is different. The TLS version of the ZyWalll USG100 is V1 but the TLS version of the ZyWalll USG20W is V1.2. Once the browser doesn't support the TLS V1 connection and would show the below information.
I captured the packet at my lab site, please refer to the below results:
It was captured from ZyWall USG 100.
It was captured from ZyWall USG 20W.
Thanks.0
Ally Member
Zyxel EmployeeAll Replies
-
Further details ... exactly same settings in both USG100's and USG20W.
Router# show ip http server secure status
active : yes
port : 443
certificate : default
force redirect : yes
authentication client: no
anti beast attack : no
strong cipher suite : yes
cipher suite : rc4 aes des 3des
sslv3 support : no
admin service control:
No. Zone Address Action==================================================
user service control:
No. Zone Address Action
==================================================
Router#0 -
Hi @AWUSupportCould you share the screenshot of the error message "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" with us?What is the current firmware version of USG 100 and USG20W?What are your PC OS version and Chrome version?Have you ever tried to use Chrome with incognito mode to login to the USG100?Have you ever tried to use another browser such as Firefox, Edge, etc. to login to the USG100?0
-
The firmware is older than (redacted).IMVHO only IE in compatibility mode could access to that.1
-
Hi,
fw 3.30 AQQ.7 WK48 solve this issue
Fred1 -
Firmware of USG20W: 3.30(BDR.9) / 1.15 / 2016-11-22 10:05:22Zyxel_Jeff said:Hi @AWUSupportCould you share the screenshot of the error message "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" with us?What is the current firmware version of USG 100 and USG20W?What are your PC OS version and Chrome version?Have you ever tried to use Chrome with incognito mode to login to the USG100?Have you ever tried to use another browser such as Firefox, Edge, etc. to login to the USG100?
Firmware of both USG100: 3.30(AQQ.7) / 1.13 / 2015-01-13 16:30:24
PC OS: Windows 11 Pro, latest release
Chrome Version: Version 108.0.5359.125 (Official Build) (64-bit)Chrome Incognito mode: still same error, as per screen capture below
Other Browsers: can use Edge in IE Mode to login to USG100. Google Chrome is preferred browser.
Screen capture:1 -
Hi Fred,Fred_77 said:Hi,
fw 3.30 AQQ.7 WK48 solve this issue
Fred
Didn't realise any firmware for USG100 had been released since 2015, I had given up checking for these older models. Is this the download location you used: https://community.zyxel.com/en/discussion/4247/zywall-usg-series-v3-30p9-wk48-firmware-released
Regards1 -
Hi @AWUSupport
Thanks for your update. Because USG100 is an EOL legacy device, users can use the Edge browser in IE Mode to login to USG100 for a workaround solution. The user could follow the below procedures to login to USG100, thanks.Firmware of both USG100: 3.30(AQQ.7) / 1.13 / 2015-01-13 16:30:24
PC OS: Windows 11 Pro, latest release
Chrome Version: Version 108.0.5359.125 (Official Build) (64-bit)Chrome Incognito mode: still same error, as per screen capture below
Other Browsers: can use Edge in IE Mode to login to USG100. Google Chrome is preferred browser.
Screen capture:
STEP1. Enter the USG100 login page via the Edge browser and reload the page in IE mode.
STEP2. Then can enter the device login page.
0 -
Zyxel_Jeff said:Hi @AWUSupport
Thanks for your update. Because USG100 is an EOL legacy device, users can use the Edge browser in IE Mode to login to USG100 for a workaround solution. The user could follow the below procedures to login to USG100, thanks.
Hi Jeff,
I appreciate your feedback and yes as stated we have the USG100's accessible with Edge in IE mode.
However, USG20W is same EOL legacy device as USG100, yet the USG20W is still accessible by our preferred browser Google Chrome. Is there any reason for for this as they are same family of legacy Zywalls?0 -
Hello @AWUSupport
The reason is their TLS version is different. The TLS version of the ZyWalll USG100 is V1 but the TLS version of the ZyWalll USG20W is V1.2. Once the browser doesn't support the TLS V1 connection and would show the below information.
I captured the packet at my lab site, please refer to the below results:
It was captured from ZyWall USG 100.
It was captured from ZyWall USG 20W.
Thanks.0 -
Thanks Jeff, appreciate you checking out TLS versions on both. Who would have thought USG100 and USG20W would have differed with this - similar vintage original releases of both models back in the day.Zyxel_Jeff said:Hello @AWUSupport
The reason is their TLS version is different. The TLS version of the ZyWalll USG100 is V1 but the TLS version of the ZyWalll USG20W is V1.2. Once the browser doesn't support the TLS V1 connection and would show the below information.
Looks like Edge and IE mode only option as we both agreed on, appreciate you clarifying.1
Guru Member
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 79 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 909 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 898 Nebula FAQ
- 415 Security FAQ
- 234 Switch FAQ
- 205 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight
