HTML5 VPN Portal - ssl_error_no_cipher_overlap

Hello all,

I have a very simple configuration which seems not to work.

UTM9, Home Edition license: in the HTML5 VPN Portal I define a new connection, HTTPS to one of my servers (a simple Apache server). When I try to access the link from the VPN Portal, I receive an error containing "ssl_error_no_cypher_overlap".

I know the error: it is a mismatch in SSL suites and means the UTM and the backend Apache server cannot find a common encryption algorithm.

When I access the Apache server directly, I get the connection encrypted with TLS1.3 and TLS_AES_128_GCM_SHA256.

When I access the VPN portal, I see TLS1.2 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite.

I tried to force the Apache server to TLS1.2, but it still doesn't work.

What am I missing here? Any advice is appreciated.

Thanks!



This thread was automatically locked due to age.
  • If I understand things correctly:

    You are using a browser to access the user portal, then choosing a configured web resource which connects to an internal web server.

    Last I knew, the user portal web resource was a wrapper around a very old version of Firefox. I don't think Sophos has made any changes or improvements to this subsystem in a long time, maybe not ever since it was an Astaro product.

    It sounds to me like your internal server is refusing to talk to the obsolete version of Firefox that is being launched under the covers.

    The solution is to use SSL VPN (with 2-factor authentication) to connect to the website directly. 
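
Added example, not part of the original posts and not Sophos or Apache code: a way to check offline whether a server-side OpenSSL cipher string (the syntax Apache's `SSLCipherSuite` takes) shares any TLS 1.2-or-older suite with a client's offer. The cipher strings are constructed for illustration; the thread does not say what the embedded client actually offers, so `LEGACY_CLIENT` is an assumption.

```python
import ssl


def tls12_suites(cipher_string):
    """Expand an OpenSSL cipher string into the set of suite names it
    enables for TLS 1.2 and older, as resolved by the local OpenSSL."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # OpenSSL configures TLS 1.3 suites separately and lists them regardless
    # of this string; a client capped at TLS 1.2 cannot select them, so they
    # are excluded from the comparison.
    return {c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}


def overlap(server_string, client_string):
    """Suites both sides would accept; an empty set means the handshake
    fails with a 'no cipher overlap' style error."""
    return tls12_suites(server_string) & tls12_suites(client_string)


# Constructed sample values (assumptions, not taken from the thread):
SERVER_STRICT = "ECDHE+AESGCM"             # modern AEAD-only server policy
SERVER_COMPAT = "ECDHE+AESGCM:AES128-SHA"  # same policy plus one older suite
LEGACY_CLIENT = "AES128-SHA:AES256-SHA"    # hypothetical old client offer


def describe(server_string, client_string):
    """Return a one-line verdict for a server/client pair."""
    shared = sorted(overlap(server_string, client_string))
    if not shared:
        return "no overlap: handshake will fail"
    return "shared suites: " + ", ".join(shared)


if __name__ == "__main__":
    print("strict server vs legacy client ->", describe(SERVER_STRICT, LEGACY_CLIENT))
    print("compat server vs legacy client ->", describe(SERVER_COMPAT, LEGACY_CLIENT))
```

Running the same comparison with the server's real `SSLCipherSuite` value shows whether a given client offer can ever succeed before any server setting is changed.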

  • I was afraid of that. Why they wouldn't update the Firefox version beats me. I'll try to see if I can update it myself; it cannot be that complicated.

    Regarding SSL VPN, I understand your point. However, the HTML5 VPN Portal is so much more convenient for me (I have more than one resource to be accessed via https, rdp, ssh...), especially when I'm somewhere where I cannot establish a VPN connection.

    Thanks a lot!

  • I have used User Portal for Remote desktop and been satisfied with the results.
