How can I reset the TLS/SSL connection to http instead of https (NSA310)
Since I forced the HTTPs connection on my NSA310, I can't access the nas via his ip address and the web browser no longer. I also haven't downloaded the system default CA file before so I could install it into my browser.
How can I still login to the nas to manage the device? Can this problem be solved without having to reset to the default settings?
Accepted Solution
-
The problem is situated the other way.
No, it's not. Your NAS redirects an connection via http now to https, making the NAS unaccesible via http. But the internal old webserver only supports TLS1.0 (don't know the real version) while the browser rejects everything older than TLS1.2 (same). That is the 'unsupported protocol'.
So you need an older browser, or tell your current one to accept older, considered unsafe, TLS handshakes. The latter is of course only possible if the needed code is still in the browser.
If you had downloaded the CA file that wouldn't have helped you. When the TLS handshake can't be performed there is no certificate to exchange.
1
Guru Member
All Replies
-
What error do you get when you try to access the nas? If it's a certificate error I'd expect you to be possible to tell the browser 'yes I know it's unsafe, but continue anyway'. At least Firefox gives this option.
When the encryption method is no longer supported and not build-in in the browser anymore you'll need to download an older browser version. For instance one of
1 -
The problem is situated the other way.
Before I forced the HTTPs configuration, I got the warning "The connection to 192.168.1.xxx is not secure", with the posibility to continue to the site nevertheless. This warning was correct because of the formerly non-secure HTTP-connection.
Although I could continue and log into the nas to administrate the configuration, I thought perhaps it would be better (safer) to change the setting via the administration and force the connection to HTTPs. But apparently this was not a good idea doing this without downloading the default CA file before the change … 😣 As from now on I get the message in my browser that the site can't provide a secure connection because of a not-supported protocol.
So how can I solve this problem?
0 -
The problem is situated the other way.
No, it's not. Your NAS redirects an connection via http now to https, making the NAS unaccesible via http. But the internal old webserver only supports TLS1.0 (don't know the real version) while the browser rejects everything older than TLS1.2 (same). That is the 'unsupported protocol'.
So you need an older browser, or tell your current one to accept older, considered unsafe, TLS handshakes. The latter is of course only possible if the needed code is still in the browser.
If you had downloaded the CA file that wouldn't have helped you. When the TLS handshake can't be performed there is no certificate to exchange.
1 -
Thank you so much for your detailed explanation of the problem and your advise to solve it in a very simple way by using a portable browser!
0
Categories
- All Categories
- 396 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 87 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 917 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 912 Nebula FAQ
- 419 Security FAQ
- 237 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight
