ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Akio6309 · ‎2024-04-30

I have an old Check Point 4600 that we used for a site that was decommissioned. I would like to use it for an internal lab environment. I was able to reset the appliance because it was so old that no one knew the password. But now when I try to access the management via Ethernet on port 8/MGMT and https://192.168.1.1, I get an error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH. When I try to access via SSH the default Username/Password admin/admin does not work. I tried adding support for TLS 1.0, 1.1, 1.2 and 1.3 under Internet Options, and relaunched Chrome but I still get the error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH. Any suggestions? Thank you.

PhoneBoy · ‎2024-04-30

Sounds like that 4600 is running a version so old that it does not support modern browsers.
Given that you also don't know the admin password, your best bet is to reimage the appliance from a USB drive.

The 4600 is officially End of Life as is the latest version of software supported on it (R80.40).
You can download an ISO of R80.40 from here: https://support.checkpoint.com/results/sk/sk160736
You need to "burn" the ISO to a USB thumb drive using Isomorphic: https://support.checkpoint.com/results/sk/sk65205

Boot the appliance off the USB drive and use the console connection to complete the reimaging process.

emmap · ‎2024-04-30

You may find that the version that it reset back to is so old that the SSL it's using won't work in a modern browser. It's out of support hardware now but it will still run R80.40 if you build a USB key with ISOMorphic and install it on there.

the_rock · ‎2024-04-30

I know in the old days you could overcome web UI issue by pressing windows + R and then typing iexplore, which would let you open old IE browser, but thats not an option any longer, it simply pulls up Edge. For ssh, I know few times I had to edit etc/ssh/sshd_config file and search for PasswordAuth and change it to yes in all the places.

Andy

Best,
Andy

Akio6309 · ‎2024-04-30

I'm right there with you Andy. I have an old laptop with Windows 8.1 that I used for logging into consoles because it has the serial port on the back that works with the Cisco Console cables. I am thinking about bringing it to work. I'm having a hard time finding a USB drive to do this reimage.

I fear that after all of that I will only find out the default password will not work and I will still have to the the reimage. I'll let you know what happens.

Robert

the_rock · ‎2024-04-30

Let us know...if I find away to fire up old IE browser, will let you know 🙂

Andy

Best,
Andy

the_rock · ‎2024-04-30

K, found it, gotta love reddit haha

Try this, see if web UI works:

Click Start -> search "Internet Options" (or go to control panel and open Internet option) -> go to "Programs" tab -> click "Manage add-ons" -> Click "Learn more about toolbars and extensions" at the bottom. It opens Internet Explorer.

https://www.reddit.com/r/Windows11/comments/vdv9nj/easiest_way_to_open_internet_explorer_on_windows/...

Andy

Best,
Andy

Akio6309 · ‎2024-04-30

You sir, are a veritable genius. It worked. I was able to connect to it now. However it is giving me a blank screen. I clicked on More Information. Then I clicked on Go on to the webpage (not recommended). It gave me a small box in the center and I clicked on something I can't remember what it was and then it gave me the blank webpage. Even if I exit out of the browser and click on Learn more it keeps giving me the blank webpage. I so want to continue working on this but today is my birthday and I have to get going.

Robert

the_rock · ‎2024-04-30

Happy birthday 🎉🎉

I wish I was a genius lol. Anyway, one way to get around blank screen might be if you open IE security settings and disable all ssl/tls options and then try again.

Andy

Best,
Andy

the_rock · ‎2024-04-30

I was referring to below, just disable all of them and see if that helps.

Andy

Best,
Andy

JozkoMrkvicka · ‎2024-04-30

You can use some very old Firefox portable version from 2010 year or so.

Kind regards,
Jozko Mrkvicka

the_rock · ‎2024-05-01

Yea, that may work too.

Andy

Best,
Andy

George_Casper · ‎2024-05-01

At your own risk and be sure to change it back immediately.

Use Firefox

Type in the address bar: About:config

Find and change security.tls.version.enable-deprecated to True.

You will still get the warning about the site not being secure but will be able to continue past it.

Again, change it back to False immediately

ErvinSuarez · ‎2025-01-17

Here you go.. 🙂

Steps to Download Firefox 73.0.1 for Windows (64-bit)

Go to the Firefox Release Directory: Open this link in your browser:
https://ftp.mozilla.org/pub/firefox/releases/73.0.1/win64/
Select Your Language: In the directory, find the folder corresponding to your preferred language. For example:
- English (US): en-US/

Are you a member of CheckMates?

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Steps to Download Firefox 73.0.1 for Windows (64-bit)