Issues accessing WebAdmin after FW upgrade to 9.718-5

I'm running the Home License of Sophos UTM on a physical box (Protectli Vault) as well as a VM on my Synology.   After I updated to 9.718-5 of the firmware, I am no longer able to access WebAdmin from my PC on either of the upgraded UTMs using either Google Chrome or MS Edge (latest versions, Chrome 119.0.6045.160 and Edge 119.0.2151.72.)  I receive this message:

Firewalls are working fine and passing traffic but I have no access to the WebAdmin from my desktop PC.  I have tested on multiple PCs with the same result.

However, using Chrome on my iPhone, I am able to access WebAdmin on the upgraded UTMs.

I maintain an additional Protectli for my in-laws and I did not upgrade its firmware after I saw this happen on my 2 UTMs.  I can still access the WebAdmin from Chrome on my PC on the UTM that has not been upgraded yet (it is running 9.717-3).

I see in the release notes for 9.718-5:

Fix [NUTM-14219]: [Basesystem] Remove support for weak TLS signature algorithms in Web Admin and User Portal

...and was wondering if this "fix" may have broken something with the TLS in the desktop version of Chrome.

Has anyone else observed this behavior, and does anyone have any suggestions for a fix/workaround so I can access WebAdmin from my PC?



  • I installed Firefox on my PC and I am now able to access the WebAdmin using that browser. Hopefully this issue will be resolved in the next firmware update and/or a future Chrome/Edge update.

  • Using Firefox, I compared the encryption between the UTM that won't connect in Chrome (FW version 9.718-5) and the UTM that I have not upgraded yet - which still connects fine in Chrome (FW version 9.717-3) and found differences in the encryption.

    FW version 9.718-5 connects with (TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 256 bit keys, TLS 1.2)

    FW version 9.717-3 connects with (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 256 bit keys, TLS 1.2)

    So it appears there may be an issue with the ECDSA keys and Chrome.
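
The two suite names compared in the last reply differ in a single component. The sketch below is an added example, not part of the thread: it parses the names to show which component changed, and adds a probe that offers only ECDSA- or RSA-authenticated TLS 1.2 suites so you can see which certificate types an appliance will serve. The function names, and the host and port you pass to `probe`, are assumptions; certificate verification is turned off on the assumption that the appliance presents a self-signed certificate.

```python
import socket
import ssl

def parse_suite(name):
    """Split an IANA TLS cipher-suite name into key exchange, auth and bulk parts."""
    body = name[4:] if name.startswith("TLS_") else name
    if "_WITH_" not in body:
        # TLS 1.3 names carry no key-exchange or authentication component.
        return {"kx": None, "auth": None, "bulk": body}
    handshake, bulk = body.split("_WITH_", 1)
    kx, _, auth = handshake.partition("_")
    # Suites such as TLS_RSA_WITH_... use one algorithm for both roles.
    return {"kx": kx, "auth": auth or kx, "bulk": bulk}

def diff_suites(a, b):
    """Return {component: (value_a, value_b)} for every component that differs."""
    pa, pb = parse_suite(a), parse_suite(b)
    return {k: (pa[k], pb[k]) for k in pa if pa[k] != pb[k]}

def probe(host, port, auth, timeout=5.0):
    """Offer only TLS 1.2 ECDHE suites for one certificate type ("ECDSA" or "RSA").
    Returns the negotiated OpenSSL suite name, or None if the handshake fails."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Assumption: self-signed appliance certificate; this is a diagnostic only.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+a" + auth)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
    except OSError:  # ssl.SSLError is a subclass of OSError
        return None

if __name__ == "__main__":
    # Suite names as reported in the thread for the two firmware versions.
    new_fw = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
    old_fw = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
    print(diff_suites(new_fw, old_fw))
```

Running `probe(host, port, "RSA")` and `probe(host, port, "ECDSA")` against each appliance shows whether it can still complete an RSA-authenticated handshake or only an ECDSA one.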