I goofed and tried to secure a web admin interface

Now Firefox won’t let me log in. I’m going to have to factory reset the router, configure it all over again, and this time leave it configured for clear text only.

This seems like going backward.

I mean, I get it: it is clear that RC4 is too easily broken, so support for it was removed.

But I’m not so wealthy that I want to just throw away an otherwise fine – old – router. I put the latest version of Tomato on it that still runs on that platform; but, that version of firmware is from 2010.

This is for my Internet of Things network. Nothing on that network is going to be terribly fast, so I certainly don’t need a high powered router. Still, if a lightbulb gets compromised, I’d like there to be at least a tiny bit of work involved in capturing the router’s password. RC4 may be brute forced in minutes with a GPU, but a lightbulb doesn’t have that sort of processing power.

Anyway, I goofed up. I saw an article about how to convert the web admin interface to use https only, so I pushed the button to generate a new certificate. Now I’m locked out and have to wipe the router back to factory reset.

The official error message is: Error code: SSL_ERROR_NO_CYPHER_OVERLAP

Thank you smarter people than me, for not allowing an override, even temporarily. Thank you smarter people than me, for making sure my IoT wireless access point web admin interface password has to remain in clear, plain text, forever.

Leave a Reply