Sonicwall ERR_SSL_VERSION_OR_CIPHER_MISMATCH

When connecting to SonicWall web interfaces through Chrome we began to receive the following error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

This is because multiple vulnerabilities have been round in RC4 encryption recently which prompted the IETF to prohibit the use of the protocol.

To get around the issue you can log in with Firefox and disable RC4 Encryption. You’ll need to access the hidden diagnostics page at https://sonicwall-ip/diag.html. Obviously replace sonicwall-ip with the actual IP of the device. Search for RC4 and you’ll see this:

Simply uncheck the “Enable RC4-Only Cipher Suite Support” checkbox and save the settings. Unfortunately this change will prompt and cause the SonicWall to reboot.

Once it comes back online you should now be able to use Chrome or any RC4 disable browser to access your SonicWall.

Upgrading OpenVPN VMWare Virtual Appliance

Upgrading is relatively easy because the OpenVPN Access Server is just a Debian package that runs on Ubuntu 14. Before upgrading OpenVPN it is a good idea to update the Ubuntu 14 server itself. You can use the standard:

apt-get update
apt-get upgrade

Next, find the latest Ubuntu package from this page: https://openvpn.net/index.php/access-server/download-openvpn-as-sw/113.html?osfamily=Ubuntu. Copy the link for the Ubuntu 14 64-bit package. The current download for the 2.0.24 version is http://swupdate.openvpn.org/as/openvpn-as-2.0.24-Ubuntu14.amd_64.deb.

SSH into the appliance and run:

wget http://swupdate.openvpn.org/as/openvpn-as-2.0.24-Ubuntu14.amd_64.deb
dpkg -i openvpn-as-2.0.24-Ubuntu14.amd_64.deb

This will upgrade the VMWare ESXi OpenVPN Virtual Appliance to the latest version.