HTML5 VPN Portal - ssl_error_no_cipher_overlap

Question

Hello all, 
 I'm having a very simple configuration which seems not to work 
 UTM9, Home Edition license, in HTML5 VPN Portal I define a new connection, HTTPS to one of my server (simple Apache server). When I try to access the link from the VPN Portal I receive an error containing "ssl_error_no_cypher_overlap". 
 I know the error, is a mismatch in SSL suit and means the UTM and the backend Apache server cannot find a common encryption algorithm. 
 When I access the Apache server directly, I get the connection encrypted with TLS1.3 and TLS_AES_128_GCM_SHA256 
 When I access the VPN portal, I see TLS1.2 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite. 
 I tried to force the Apache server with TLS1.2 but still doesn't work. 
 What am I missing here? Any advice is appreciated. 
 Thanks!

DouglasFoster · Accepted Answer

If I understand things correctly: 
 You are using using browser to access the user portal, then choosing a configured web resource which connects to an internal web server. 
 Last I knew, the user portal web resource was a wrapper around a very old version of Firefox. I don't think Sophos has made in changes or improvements to this subsystem in a long time, maybe not ever since it was an Astaro product. 
 It sounds to me like your internal server is refusing to talk to the obsolete version of Firefox that is being launched under the covers. 
 The solution is to use SSL VPN (with 2-factor authentication) to connect to the website directly.

HTML5 VPN Portal - ssl_error_no_cipher_overlap

Top Replies