Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8536
Views
5
Helpful
2
Replies

UC320 v2.3.2(6), getting ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION

Pedro Macedo
Level 1
Level 1

‎01-05-2015 03:56 PM

In late November 2014, while I tried to connect to a UC320 with version 2.3.2(6) via the WAN interface, I got the following error on my Chrome Browser (I have a Windows 7 PC):

ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION

I looked at the Chrome forums (https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/Vnhy9aKM_l4) and read that starting on version 39 (the one I have) SSLv3 fallback would be disabled.

Tried to connect with Firefox, all went fine for a couple of weeks until it stopped working. Same thing with Explorer v11 (I downgraded to v10, and it isn't working either); with IE, I do get the "Blue Screen" from the UC320, but never get the full page to enter User & Password (I have tried the Compatibility options without success).

I serve a large UC320 installed base and it is critical for me being able to do remote support. I still have some Windows XP PC's from which I can connect to the UC320's, but I need to do it from the newer PC's that I have.

Any ideas on how to fix this? Either Chrome, Firefox or IE flags to modify? Or any patches on the UC320?

Thanks,

Pedro.

 

1 person had this problem
0 Helpful
2 Replies 2

Dramaturg7675
Level 1
Level 1

‎01-08-2015 12:45 AM

Hello Pedro,

 

I have the same problem on Chrome: "ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION", however I tested another browser: Opera.

Opera did complain about the certificate, however I was able to skip that.

I get the following HTML output: http://paste.ubuntu.com/9691770/ HOWEVER the Flash does not load.

It seems to be an issue with the HTTPS of the UC320 itself, as it also does not work when connected directly to a LAN port.

Any updates from CISCO re: this issue? Were you able to solve it?

My humble idea: I am thinking to do a port forwarding Port 8081 to 192.168.10.1:80 - so I can access the HTTP interface, but this didn´t work. Maybe I did set something wrong in the port forwarding, but this might be a dirty fix.

0 Helpful

Pedro Macedo
Level 1
Level 1
In response to Dramaturg7675

‎01-08-2015 06:27 AM

Hi,

I created a SR with the TAC and the workaround they suggest (and it is working) is to use Firefox version 32. You have to go to the "Tools --> Options --> Advanced --> Update" menu and disable the "automatic update" so it won't change to v 34.

We tried IE 10 and IE 11, tweaking the Internet Options to use only SSL v3 (disabling SSL v2 and all TLS options) but I haven't been able to make it work. I need to do further testings, but haven't had the time. Following is MIcrosoft a link the TAC provided, that discusses the issue:

https://technet.microsoft.com/en-us/library/security/3009008.aspx

The TAC is looking to see if the Developers will provide a patch for the UC320 firmware, but it doesn't seem likely. So I'll have to stick with Firefox v32 for the moment.

Regards,

Pedro.

Customers Also Viewed These Support Documents