1

So this is the issue: I have a modem/router provided by my telco. The router exposes the usual 192.168.1.254 address for managment, but with my pc there's no way to open it, I tried with firefox, explorer and chrome. Firefox says "SSL_ERROR_RX_RECORD_TOO_LONG", explorer says to enable tls 1.0 (done) and chrome says "ERR_SSL_PROTOCOL_ERROR".

With chrome on android I can connect and via a tool I see the site uses TLS 1.0, WITH AES_128_CBC AND HMAC-SHA1. Plus there's a self signed certificate.

I understand these encryption methods are deprecated, but is there a browser for pc that can connect anyway?

700 Software
  • 13,807
  • 3
  • 52
  • 82
zbigniew
  • 13
  • 3
  • 1
    Current IE Chrome and Firefox (on my Win8.1) accept TLS1.0 fine; I'd bet your router _tries_ to implement 1.1 and/or 1.2 (which the PC browsers ask for, but Android if somewhat older does not) and screws it up. Firefox can easily be cranked down: in `about:config` go to `security.tls.version.max` and set it to 1 and see if that helps. TTBOMK Chrome/Win and IE and Edge use the Schannl settings in the registry which I can't remember but can be googled. Also if possible install wireshark and have it capturing while you connect; it will give you _much_ more detailed info. – dave_thompson_085 Jul 27 '16 at 11:28
  • This is effectively a duplicate of https://security.stackexchange.com/questions/108676/need-to-access-old-forgotten-router-that-only-supports-sslv3 – mr.spuratic Nov 17 '17 at 12:11

1 Answers1

0

I'm sorry that I do not know of a modern tool designed to work with deprecated HTTPS servers.

Normally Firefox would give you an "Add Exception" button. (hidden behind "Advanced" on the error page) Google Chrome has a "Proceed Anyway" button. However it sounds like you are not getting those options.

Many routers offer an HTTP only option to bypass encryption entirely. (no HTTPS)

  1. Clear Cache on your browser.
  2. Try specifically navigating to http://192.168.1.254 (no https)

  3. If that does not work, (redirects you to HTTPS Error page again) access via your phone (since that is working for you), and look for settings:

    • Many routers offer a way to turn off HTTPS, or at least to not redirect HTTP users to HTTPS.

    • If you can't disable HTTPS redirect, there may be settings to customize either which Cipher Suites or which HTTPS settings are available. If you find them, try to turn on new technologies and/or disable old technologies, and see if your Firefox browser will connect. You can even post a new question once you find out which settings are available.

      (Often you have the ability to replace the self-signed certificate with a verified certificate, but that probably won't help if the HTTPS configuration is deprecated.)

If all else fails, install an old version of the Firefox browser and see if that works.

Warning: Using old versions of Firefox poses a significant security risk.

Directory of older versions and languages

Important: By default, Firefox is set to automatically update itself. If you install an older version of Firefox, you'll need to change your update settings to prevent the latest Firefox version from being reinstalled. See Advanced panel - Accessibility, browsing, network, updates, and other advanced settings in Firefox for details.

700 Software
  • 13,807
  • 3
  • 52
  • 82
  • 1
    you could use an old copy of firefox portable just for that purpose (so you are unlikely to access it accidentally or mess up your normal firefox settings). Something like https://sourceforge.net/projects/portableapps/files/Mozilla%20Firefox,%20Portable%20Ed./Mozilla%20Firefox,%20Portable%20Edition%203.6.3/ ought to do the trick... – Stu W Jul 26 '16 at 13:30