I don't mean to be argumentative, but TLS is not working and the key size is clearly 512 bits in this build. I downloaded it from here http://ddwrt.stevejenkins.com/22000++/kingkong-nv60k-broadcom.bin, and believe that is a mega and comes with openssl as I was able to use the gencert.sh file to create a new cert on my router. I'm making no claims on whether or not the code is supposed to support what you are saying. It simply is not working as described.
I tried the openssl command without the -ssl3 and only received an error. Trying with -tls1, -tls1_1, and -tls1_2 all received a TCP FIN,ACK response from the router closing the connection when those protocols were used.
I was able to generate and store a cert in the /tmp/ directory last night to confirm that the browser behavior returned to normal with 2048 bit certificate. As my previous post questioned, I'm not sure where to permanently store that cert since tmp is obviously wiped at reboot.
For those having browser issues, can you confirm the key size and which protocols work? For that matter, those whose setup is working, can you confirm what is working and post? You should be able to use the above command to retrieve the certificate and test the various protocols. On Windows, you can view the cert properties by saving the above text in a new text file with a .cer extension. Double-click the resulting file, and you should see bit size under the Details tab.
Kong, Is there anything else I can do to help? I've spent a decent amount of time testing and confirming so that I wasn't crying wolf and providing misleading info. I don't know if I have a corrupted build or need to reflash.
MD5 Hash for bin: 3598BF4B8D32EF03077CAD16FC41162F
I don't mean to be argumentative, but TLS is not working and the key size is clearly 512 bits in this build. I downloaded it from here
That is an old build it just got a handful updates for apps, but as it says 22000 (+ the changes in the Changelog, nothing else), key length was changed 15 month ago in http://svn.dd-wrt.com/changeset/22285
If anyone else have same problem as I did - unable to login to DD WRT router from any major browser - try Opera browser.
Unlike FireFox, Chrome or IE , Opera offers 'continue' option ... which was necessary for me, since I had disabled plain HTTP and only left HTTPS as working on router, so I needed to do HTTPS login even to upgrade.
BTW, upgraded now from build 21676 to build 25648, and now it works even from Firefox (after confirming certificate)
Posted: Thu Dec 18, 2014 2:01 Post subject: Re: Same issue with
WhyComputer wrote:
Issue seems present for:
Router Model Asus RT-N66U
Firmware Version DD-WRT v24-sp2 (11/20/14) mega - build 25408
K3 build (dd-wrt.v24-25408_NEWD-2_K3.x_mega_RT-N66U.trx)
but NOT for:
Router Model Linksys WRT54G/GL/GS
Firmware Version DD-WRT v24-sp2 (11/20/14) mega - build 25408
(dd-wrt.v24_mega_generic.bin)
I have a WRT54GL router. Where can I find the Firmware Version DD-WRT v24-sp2 (11/20/14) mega - build 25408? I thought the mega version was too big for my router?
Currently using DD-WRT v24-sp2 (08/12/10) vpn
(SVN revision 14929).
I'm on 25648 (BS) on a 310N v.1 (std. gen. vpn). This issue is still here. Thanks for the tip to use Opera to bypass the issue.
TLS not supported using the grep -q "tls" /usr/lib/libssl.so.1.0.0 2> /dev/null && echo "TLS is supported." || echo "TLS is not available in your build." command. So no support for TLS on K24? Any way to add it?
Posted: Tue Mar 10, 2015 15:16 Post subject: K3.x built
This seems to have been fixed for K2.4 and K2.6 as Kong mentioned earlier. For K3.x kernel the firmware image becomes bigger than 8MB.
Now, question, isn't the K3.X targeted toward newer routers that often come with more than 8MB flash? For example there is a specific build for RT-N66U and that device comes with 32MB flash.
I am happy to "downgrade" to K2.6 but I don't know what CFE version I have. Is there a way to tell via shell or do I have to boot into CFE? Or switch temporarily to Asus firmware?