Technical FAQs

Ask a Question

SSL Cipher overlap - unable to launch NMC web interface

Issue:
When launching the web interface of an NMC2, a message is displayed saying "ssl cipher overlap". Alternatively, the page may show no text at all.

Environment: 
Any NMC2 (AP9630/31/35) or unit with an embedded NMC2, including by not limited to rPDU (AP7xxxB, AP8xxx), rATS (AP44xx), Netbotz 250
AOS firmware revision v6.7.2

Resolution:
Upgrading the firmware to v6.8.0 or higher will resolve the issue. If upgrading is not possible, then certain web ciphers can be disabled. Disabling the cipher can only be done via the CLI, there is no option to do this in the web ui or via config.ini.  To disable via the CLI,  first connect via console/telnet/ssh.  Type the following: cipher -ecdhe disable, press enter, then reboot the NMC. To confirm the changes took effect, re-connect via CLI and type cipher. The following should be shown: 

Blocked Cipher Suites
---------------------
(the settings above disable the suites listed here)
 
1       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
2       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
3       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
4       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Was this helpful?
What can we do to improve the information ?