HTML5 VPN Portal - ssl_error_no_cipher_overlap

Hello all,

I'm having a very simple configuration which seems not to work.

UTM9, Home Edition license, in HTML5 VPN Portal I define a new connection, HTTPS to one of my servers (simple Apache server). When I try to access the link from the VPN Portal I receive an error containing "ssl_error_no_cypher_overlap".

I know the error: it is a mismatch in SSL cipher suites and means the UTM and the backend Apache server cannot find a common encryption algorithm.

When I access the Apache server directly, I get the connection encrypted with TLS1.3 and TLS_AES_128_GCM_SHA256

When I access the VPN portal, I see TLS1.2 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite.

I tried to force the Apache server to TLS1.2 but it still doesn't work.

What am I missing here? Any advice is appreciated.

Thanks!
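The error described above is a cipher-suite/protocol negotiation failure, and it can be reproduced without any network by letting OpenSSL itself expand two cipher strings and checking whether they intersect. The script below is an added example, not part of this thread and not UTM or Apache code: it models each side as an OpenSSL cipher string plus a TLS version range and returns what a server-preference handshake would pick, or None when there is no overlap. The cipher strings and version ranges it uses (an "old browser" limited to TLS 1.2 and a single suite, an Apache side with various settings) are constructed for illustration; the real cipher list of the portal's embedded browser is not known from the thread.

```python
import ssl
from ssl import TLSVersion

# Candidate protocol versions, highest first (the order a real handshake prefers).
_VERSIONS = (TLSVersion.TLSv1_3, TLSVersion.TLSv1_2, TLSVersion.TLSv1_1, TLSVersion.TLSv1)


def supported_suites(cipher_string, min_version, max_version):
    """Expand an OpenSSL cipher string into (name, protocol) pairs.

    The local OpenSSL build parses the string, so this reflects what the
    library would actually offer rather than a hand-written table."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = min_version
    ctx.maximum_version = max_version
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [(c["name"], c["protocol"]) for c in ctx.get_ciphers()]


def negotiate(client, server):
    """Return (version_name, cipher_name) that a server-preference handshake
    would select, or None for "no cipher overlap" / no common TLS version.

    client and server are dicts with keys 'ciphers', 'min' and 'max'."""
    lo = max(client["min"], server["min"])
    hi = min(client["max"], server["max"])
    if lo > hi:
        return None  # no protocol version both sides accept
    client_suites = supported_suites(client["ciphers"], client["min"], client["max"])
    server_suites = supported_suites(server["ciphers"], server["min"], server["max"])
    for version in _VERSIONS:
        if not lo <= version <= hi:
            continue
        is_13 = version == TLSVersion.TLSv1_3
        # TLS 1.3 suites (TLS_AES_...) live in their own namespace; every
        # earlier version shares the classic ECDHE-RSA-... style suites.
        offered = {n for n, p in client_suites if (p == "TLSv1.3") == is_13}
        for name, proto in server_suites:
            if (proto == "TLSv1.3") == is_13 and name in offered:
                return version.name, name
    return None


# Constructed scenarios (assumptions, not measurements of any real product).
OLD_BROWSER = {"ciphers": "ECDHE-RSA-AES256-GCM-SHA384",
               "min": TLSVersion.TLSv1_2, "max": TLSVersion.TLSv1_2}
MODERN_BROWSER = {"ciphers": "ECDHE-RSA-AES256-GCM-SHA384",
                  "min": TLSVersion.TLSv1_2, "max": TLSVersion.TLSv1_3}
APACHE_TLS13_ONLY = {"ciphers": "ECDHE-RSA-AES128-GCM-SHA256",
                     "min": TLSVersion.TLSv1_3, "max": TLSVersion.TLSv1_3}
APACHE_AES128_ONLY = {"ciphers": "ECDHE-RSA-AES128-GCM-SHA256",
                      "min": TLSVersion.TLSv1_2, "max": TLSVersion.TLSv1_3}
APACHE_BOTH = {"ciphers": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384",
               "min": TLSVersion.TLSv1_2, "max": TLSVersion.TLSv1_3}

if __name__ == "__main__":
    for label, server in (("TLS 1.3 only", APACHE_TLS13_ONLY),
                          ("AES128 only", APACHE_AES128_ONLY),
                          ("AES128 + AES256", APACHE_BOTH)):
        print(f"old browser -> {label}: {negotiate(OLD_BROWSER, server)}")
    print(f"modern browser -> AES128 only: {negotiate(MODERN_BROWSER, APACHE_AES128_ONLY)}")
```

Two things the run makes visible: a server that allows only TLS 1.3 fails against a TLS 1.2-only client before ciphers are even compared, and a server that does allow TLS 1.2 still fails when its TLS 1.2 cipher list has no member in common with the client's. Note that the TLS 1.2 suite the original poster saw in their own browser is the browser-to-UTM leg; the UTM-to-Apache leg is negotiated by the portal's embedded client, so its offered list is what has to overlap with the Apache configuration.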



  • Are you using Firefox?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Firefox and Edge (Chromium based), same result as mentioned above.

  • I believe that's a browser issue, not so much the UTM. The browser has some miscommunication issues, so you will need to either change TLS 1.3 on the browser, or you can change the encryption protocols of the browser. Sometimes you can just update Firefox if it's not updated and that would fix it for you (not all cases).

    Edit:  Forgot to mention I just found an article you can read about it:  kinsta.com/.../


  • If I understand things correctly:

    You are using a browser to access the user portal, then choosing a configured web resource which connects to an internal web server.

    Last I knew, the user portal web resource was a wrapper around a very old version of Firefox. I don't think Sophos has made any changes or improvements to this subsystem in a long time, maybe not ever since it was an Astaro product.

    It sounds to me like your internal server is refusing to talk to the obsolete version of Firefox that is being launched under the covers.

    The solution is to use SSL VPN (with 2-factor authentication) to connect to the website directly.

  • I was afraid of that. Why they wouldn't update the Firefox version beats me. I'll try to see if I can update it myself; it cannot be that complicated.

    Regarding SSL VPN, I understand your point. However, the HTML5 VPN Portal is so much more convenient for me (I have more than one resource to be accessed via https, rdp, ssh...), especially when I'm somewhere where I cannot establish a VPN connection.

    Thanks a lot!

  • I have used User Portal for Remote desktop and been satisfied with the results.