How can I reset the TLS/SSL connection to http instead of https (NSA310)

Options

Since I forced the HTTPs connection on my NSA310, I can't access the nas via his ip address and the web browser no longer. I also haven't downloaded the system default CA file before so I could install it into my browser.

How can I still login to the nas to manage the device? Can this problem be solved without having to reset to the default settings?

Accepted Solution

  • Mijzelf
    Mijzelf Posts: 2,645  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    The problem is situated the other way.

    No, it's not. Your NAS redirects an connection via http now to https, making the NAS unaccesible via http. But the internal old webserver only supports TLS1.0 (don't know the real version) while the browser rejects everything older than TLS1.2 (same). That is the 'unsupported protocol'.

    So you need an older browser, or tell your current one to accept older, considered unsafe, TLS handshakes. The latter is of course only possible if the needed code is still in the browser.

    If you had downloaded the CA file that wouldn't have helped you. When the TLS handshake can't be performed there is no certificate to exchange.

All Replies

  • Mijzelf
    Mijzelf Posts: 2,645  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    What error do you get when you try to access the nas? If it's a certificate error I'd expect you to be possible to tell the browser 'yes I know it's unsafe, but continue anyway'. At least Firefox gives this option.

    When the encryption method is no longer supported and not build-in in the browser anymore you'll need to download an older browser version. For instance one of https://portableapps.com/apps/internet/firefox_portable/legacy

  • RafP
    RafP Posts: 3
    Friend Collector First Comment
    Options

    The problem is situated the other way.

    Before I forced the HTTPs configuration, I got the warning "The connection to 192.168.1.xxx is not secure", with the posibility to continue to the site nevertheless. This warning was correct because of the formerly non-secure HTTP-connection.

    Although I could continue and log into the nas to administrate the configuration, I thought perhaps it would be better (safer) to change the setting via the administration and force the connection to HTTPs. But apparently this was not a good idea doing this without downloading the default CA file before the change … 😣 As from now on I get the message in my browser that the site can't provide a secure connection because of a not-supported protocol.

    So how can I solve this problem?

  • Mijzelf
    Mijzelf Posts: 2,645  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    The problem is situated the other way.

    No, it's not. Your NAS redirects an connection via http now to https, making the NAS unaccesible via http. But the internal old webserver only supports TLS1.0 (don't know the real version) while the browser rejects everything older than TLS1.2 (same). That is the 'unsupported protocol'.

    So you need an older browser, or tell your current one to accept older, considered unsafe, TLS handshakes. The latter is of course only possible if the needed code is still in the browser.

    If you had downloaded the CA file that wouldn't have helped you. When the TLS handshake can't be performed there is no certificate to exchange.

  • RafP
    RafP Posts: 3
    Friend Collector First Comment
    Options

    Thank you so much for your detailed explanation of the problem and your advise to solve it in a very simple way by using a portable browser!

Consumer Product Help Center