• March 28, 2024, 03:32:53 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: [1] 2 3

Author Topic: Cannot connect to admin console - weak encryption (logjam attack)  (Read 24813 times)

avonord

  • Level 1 Member
  • *
  • Posts: 1
Cannot connect to admin console - weak encryption (logjam attack)
« on: September 13, 2015, 04:51:57 AM »

I can't believe there is no other thread on this.  My browser can no longer connect to the admin console of my DSR250.   It gives the following error.    There are work arounds for firefox (and maybe chromes as well).  But if you want to an iPhone to manage the router, you are out of luck.  When will Dlink come out with a new firmware that address this? 

"Secure Connection Failed

An error occurred during a connection to 192.168.0.1. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem."
« Last Edit: September 13, 2015, 04:54:43 AM by avonord »
Logged

gregster

  • Level 1 Member
  • *
  • Posts: 1
Re: Cannot connect to admin console - weak encryption (logjam attack)
« Reply #1 on: September 13, 2015, 03:34:39 PM »

I was just wondering the same thing. I got in to the admin interface using Opera, and I've seen references to an override that you can set up in Firefox, but these are not permanent solutions.

I tried using the certificate generator (in Advanced -> Certificates, but the documentation is appalling and I haven't been successful - in fact I don't even know if this is intended to address router owners that want to change this cert or just for VPNs).

So I don't have a solution, but I figure I should add my voice. How about it D-Link?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Cannot connect to admin console - weak encryption (logjam attack)
« Reply #2 on: September 14, 2015, 06:50:18 AM »

Link>Welcome!

  • What Hardware version is your router? Look at sticker under the router case.
  • Link>What Firmware version is currently loaded? Found on the routers web page under status.
  • What region are you located?

PC Web Browser Configurations
What browser are you using?
Try Opera or FF? If IE 8, 9, 10 or 11, set compatibility mode and test again.
Disable any security browser Add-ons like No Script and Ad-Block or configure them to allow All Pages when connected to the router.
Clear all browser caches.
Be sure to log into the Admin account on the router.
Try turning off these features in Chrome:
Top right corner, little bars for options > Settings > Settings (on left) > Show advanced settings.
Uncheck these:
Use a web service to help resolve navigation errors
Use a prediction service to help complete searches and URLs typed in the address bar
Predict network actions to improve page load performance
Enable phishing and malware protection
Also...
http://www.ghacks.net/2015/04/15/chrome-42-blocks-java-silverlight-other-plugins-by-default-now/

Since this is a business class routers it may be that it only supports desktop browser management at this time. Not much call for management of business class routers from remote locations. Most Management of business class routers are on site and during business hours when needed. Not sure if D-Link would have anything for mobile apps regarding this. This would be something you would have to talk to D-Link directly on the phone about.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

CBET

  • Level 1 Member
  • *
  • Posts: 8
Re: Cannot connect to admin console - weak encryption (logjam attack)
« Reply #3 on: September 16, 2015, 12:19:37 PM »

Hello,

After firmware update with the latest version (2.01_WW) on my DSR-250n I have the same 'Diffie-Hellman key' problem with Chrome and FF also. I do not think that disabling some security settings in browsers are good solution!

I just wondering if D-Link support will fix this bug in near future with next firmware update?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Cannot connect to admin console - weak encryption (logjam attack)
« Reply #4 on: September 16, 2015, 12:24:29 PM »

It's recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email or FB> https://www.facebook.com/mydlink?fref=ts.
Let us know how it goes please.

Hello,

After firmware update with the latest version (2.01_WW) on my DSR-250n I have the same 'Diffie-Hellman key' problem with Chrome and FF also. I do not think that disabling some security settings in browsers are good solution!

I just wondering if D-Link support will fix this bug in near future with next firmware update?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

CBET

  • Level 1 Member
  • *
  • Posts: 8
Re: Cannot connect to admin console - weak encryption (logjam attack)
« Reply #5 on: September 19, 2015, 11:06:57 PM »

Hi again,

from the local support recommended me to update to version 2.02 firmware from official page. Unfortunately this version is only for hardware version "B" but my device have "A1". In this case they sent me personal link to download version 2.02 for my hardware version, but they do not explain me what is the difference between 2.01 and 2.02 and why version 2.02 for hardware version "A" is not officially announced?
In this case I prefer continue use firmware 2.01 despite bugs which i found.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Cannot connect to admin console - weak encryption (logjam attack)
« Reply #6 on: September 20, 2015, 01:14:56 PM »

I'll check and see if you can install v2.02.

What version is currently loaded?  ???


Hi again,

from the local support recommended me to update to version 2.02 firmware from official page. Unfortunately this version is only for hardware version "B" but my device have "A1". In this case they sent me personal link to download version 2.02 for my hardware version, but they do not explain me what is the difference between 2.01 and 2.02 and why version 2.02 for hardware version "A" is not officially announced?
In this case I prefer continue use firmware 2.01 despite bugs which i found.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

CBET

  • Level 1 Member
  • *
  • Posts: 8
Re: Cannot connect to admin console - weak encryption (logjam attack)
« Reply #7 on: September 21, 2015, 05:24:40 AM »

In present moment router is with 2.01_WW firmware. I have also 2.02 version for hardware A1 but it's not officially published (D-Link local support gave me a personal link for download)
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Cannot connect to admin console - weak encryption (logjam attack)
« Reply #8 on: September 21, 2015, 07:33:48 AM »

If you have v2.xx installed already then applying v2.02 will work. I recommend doing a factory reset, uploading the FW file. Factory reset once more after the FW was process, then set up from scratch. You should be good after that.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

killeriq

  • Level 1 Member
  • *
  • Posts: 5
Re: Cannot connect to admin console - weak encryption (logjam attack)
« Reply #9 on: October 26, 2015, 06:58:06 AM »

I have the same issue...

have 2 routers dsr-250

rev. A1 - fw 1.09 - that one is ok
rev. A2 - fw 2.02B801C_WW - have issue with the "Secure Connection Failed" on FF and Chrome

Reply ive got from Dlink support is that i need to disable

 about:config - search dhe and certificate (...)128_sha, put to false

---

This solution is like workaround, where the poor Dlink RnD and Beta testing force customer to disable security and weaken the browser security. Really lame i doubt that both teams FF and Chrome did mistake in their security standarts...
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Cannot connect to admin console - weak encryption (logjam attack)
« Reply #10 on: November 12, 2015, 10:56:53 AM »

What region are you located?
Where did you get  fw 2.02B801C_WW from?

I have the same issue...

have 2 routers dsr-250

rev. A1 - fw 1.09 - that one is ok
rev. A2 - fw 2.02B801C_WW - have issue with the "Secure Connection Failed" on FF and Chrome

Reply ive got from Dlink support is that i need to disable

 about:config - search dhe and certificate (...)128_sha, put to false

---

This solution is like workaround, where the poor Dlink RnD and Beta testing force customer to disable security and weaken the browser security. Really lame i doubt that both teams FF and Chrome did mistake in their security standarts...
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

GlaceNot

  • Level 1 Member
  • *
  • Posts: 2
Re: Cannot connect to admin console - weak encryption (logjam attack)
« Reply #11 on: January 02, 2016, 02:28:58 PM »

Hi
I just updated my router dsr-250 rev A2 from DSR-250_A2_FW2.02B401C_WW to this version; DSR-250_A2_FW2.02B701C_WW(0804154808).02b701c_ww.

Link to official ftp dlink site;

ftp://ftp2.dlink.com/../../../../SECURITY_ADVISEMENTS/DSR-250/REVA/

And now...no message like, ssl_error_weak_blabla...occurred during a connection to my router with Firefox 40.0.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Cannot connect to admin console - weak encryption (logjam attack)
« Reply #12 on: January 02, 2016, 03:03:37 PM »

Does it happen with IE or Opera?
What region are you located?

Did you clear all browser caches before and after updating FW?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

GlaceNot

  • Level 1 Member
  • *
  • Posts: 2
Re: Cannot connect to admin console - weak encryption (logjam attack)
« Reply #13 on: January 02, 2016, 04:41:31 PM »

Hi
No problem with IE or Opera, just the message about the self-signed certificate. It's normal considering my configuration. Cache was cleared before updating and after...and I'm from Québec Canada.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Cannot connect to admin console - weak encryption (RESOLVED)
« Reply #14 on: January 03, 2016, 10:14:53 AM »

Enjoy. ;)
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.
Pages: [1] 2 3