HotSpot SSL ERROR: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

RouterOS General
1

Hello,
I have the problem at a location with RouterOS version 6.49.5 that the clients display the message “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” and therefore no login to the HotSpot is possible.

  • DNS name is set
  • Certificate including all intermediate certificates is installed and valid including key

We now have the error in 8 routers out of 10,000 devices. But those are also the first ones with version 6.49.5. Unfortunately, I can’t reproduce the error and it only appears with the customer.
Not all end devices are affected either (approx. 15%).

Has anyone ever had this?

Kind regards
heiko


Test with SSLYZE:

CHECKING CONNECTIVITY TO SERVER(S)

#DNSNAME#:443 => 172.31.0.1

SCAN RESULTS FOR #DNSNAME#:443 - 172.31.0.1

  • Certificates Information:
    Hostname sent for SNI: #DNSNAME#
    Number of certificates detected: 1


    Certificate #0 ( _RSAPublicKey )
    SHA1 Fingerprint: 807fadf85104deb88139be84839dba1c49a79c69
    Common Name: #DNSNAME#
    Issuer: Thawte TLS RSA CA G1
    Serial Number: 17074692820744584699632232447661896795
    Not Before: 2021-06-18
    Not After: 2022-07-19
    Public Key Algorithm: _RSAPublicKey
    Signature Algorithm: sha256
    Key Size: 4096
    Exponent: 65537
    DNS Subject Alternative Names: [‘#DNSNAME#’]

Certificate #0 - Trust
Hostname Validation: OK - Certificate matches server hostname
Android CA Store (12.0.0_r9): OK - Certificate is trusted
Apple CA Store (iOS 15, iPadOS 15, macOS 12, tvOS 15, and watchOS > :sunglasses:> :OK - Certificate is trusted
Java CA Store (jdk-13.0.2): OK - Certificate is trusted
Mozilla CA Store (2021-12-19): OK - Certificate is trusted
Windows CA Store (2021-11-28): OK - Certificate is trusted
Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
Received Chain: #DNSNAME# → Thawte TLS RSA CA G1 → DigiCert Global Root G2
Verified Chain: #DNSNAME# → Thawte TLS RSA CA G1 → DigiCert Global Root G2
Received Chain Contains Anchor: WARNING - Received certificate chain contains the anchor certificate
Received Chain Order: OK - Order is valid
Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain

Certificate #0 - Extensions
OCSP Must-Staple: NOT SUPPORTED - Extension not found
Certificate Transparency: OK - 3 SCTs included

Certificate #0 - OCSP Stapling
NOT SUPPORTED - Server did not send back an OCSP response

  • SSL 2.0 Cipher Suites:
    Attempted to connect using 7 cipher suites; the server rejected all cipher suites.

  • SSL 3.0 Cipher Suites:
    Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

  • TLS 1.0 Cipher Suites:
    Attempted to connect using 80 cipher suites.

The server accepted the following 6 cipher suites:
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128
TLS_RSA_WITH_AES_256_CBC_SHA 256
TLS_RSA_WITH_AES_128_CBC_SHA 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 ECDH: prime256v1 (256 bits)

The group of cipher suites supported by the server has the following properties:
Forward Secrecy OK - Supported
Legacy RC4 Algorithm OK - Not Supported

\

  • TLS 1.1 Cipher Suites:
    Attempted to connect using 80 cipher suites.

The server accepted the following 6 cipher suites:
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128
TLS_RSA_WITH_AES_256_CBC_SHA 256
TLS_RSA_WITH_AES_128_CBC_SHA 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 ECDH: prime256v1 (256 bits)

The group of cipher suites supported by the server has the following properties:
Forward Secrecy OK - Supported
Legacy RC4 Algorithm OK - Not Supported

\

  • TLS 1.2 Cipher Suites:
    Attempted to connect using 156 cipher suites.

The server accepted the following 14 cipher suites:
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128
TLS_RSA_WITH_AES_256_GCM_SHA384 256
TLS_RSA_WITH_AES_256_CBC_SHA256 256
TLS_RSA_WITH_AES_256_CBC_SHA 256
TLS_RSA_WITH_AES_128_GCM_SHA256 128
TLS_RSA_WITH_AES_128_CBC_SHA256 128
TLS_RSA_WITH_AES_128_CBC_SHA 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 ECDH: prime256v1 (256 bits)

The group of cipher suites supported by the server has the following properties:
Forward Secrecy OK - Supported
Legacy RC4 Algorithm OK - Not Supported

\

  • TLS 1.3 Cipher Suites:
    Attempted to connect using 5 cipher suites; the server rejected all cipher suites.

  • Deflate Compression:
    OK - Compression disabled

  • OpenSSL CCS Injection:
    OK - Not vulnerable to OpenSSL CCS injection

  • OpenSSL Heartbleed:
    OK - Not vulnerable to Heartbleed

  • ROBOT Attack:
    OK - Not vulnerable.

  • Session Renegotiation:
    Client Renegotiation DoS Attack: VULNERABLE - Server honors client-initiated renegotiations
    Secure Renegotiation: OK - Supported

  • Elliptic Curve Key Exchange:
    Supported curves: prime256v1
    Rejected curves: X25519, X448, prime192v1, secp160k1, secp160r1, secp160r2, secp192k1, secp224k1, secp224r1, secp256k1, secp384r1, secp521r1, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1

SCANS COMPLETED IN 8.419035 S

COMPLIANCE AGAINST MOZILLA TLS CONFIGURATION

Checking results against Mozilla’s “intermediate” configuration. See > https://ssl-config.mozilla.org/ > for more details.

#DNSNAME#:443: FAILED - Not compliant.

  • maximum_certificate_lifespan: Certificate life span is 396 days, should be less than 366.
  • tls_versions: TLS versions {‘TLSv1.1’, ‘TLSv1’} are supported, but should be rejected.
  • ciphers: Cipher suites {‘TLS_RSA_WITH_AES_256_CBC_SHA256’, ‘TLS_RSA_WITH_AES_256_CBC_SHA’, ‘TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384’, ‘TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA’, ‘TLS_RSA_WITH_AES_128_CBC_SHA’, ‘TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA’, ‘TLS_RSA_WITH_AES_128_CBC_SHA256’, ‘TLS_RSA_WITH_CAMELLIA_256_CBC_SHA’, ‘TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256’, ‘TLS_RSA_WITH_CAMELLIA_128_CBC_SHA’, ‘TLS_RSA_WITH_AES_256_GCM_SHA384’, ‘TLS_RSA_WITH_AES_128_GCM_SHA256’} are supported, but should be rejected.