Https in r33607 doesn't work

c7rax
DD-WRT Novice


Joined: 09 Nov 2017
Posts: 44

Posted: Mon Dec 11, 2017 16:37
Alozaros wrote:

nvram set https_lanport 31339 <---- Or whatever port you want
nvram commit
reboot

Then access your router via
https://routeripaddress:31339


I will try this but I don't suspect any good results.
Thanks.
c7rax
DD-WRT Novice


Joined: 09 Nov 2017
Posts: 44

Posted: Tue Dec 12, 2017 4:52
Alozaros wrote:
nvram set https_lanport 31339

Didn't work. I didn't even have anything like that in nvram. After adding this and setting it to 443, the router could no longer fetch a WAN IP address from the external DHCP server (rebooted a few times without any results). I don't know what the connection is between https_lanport and the WAN acquiring an IP address, but I needed to not set it to 443. Other port numbers didn't give me any results; httpd still listened only on 443, but the router was able to fetch a WAN IP address. So I have removed this setting from nvram.

Then I found something like this:
http://svn.dd-wrt.com/ticket/5252

It is an old entry but hellishly current for my router. Old builds were running https based on matrixssl, offering at most SSLv3 with known vulnerabilities, and it was dropped somewhere in the timeline. It was dropped, also for 4mb routers, but not for mine, the WR841N. Somehow r33986 is still using matrixssl in my build. Digging further, I found out that Firefox had dropped support for SSLv3 entirely, and even using about:config and setting the TLS min version and other compatibility entries won't give me anything - Firefox just won't connect to this.

The current Palemoon version fixes all vulnerabilities in line with Firefox, so it is in the same shoes. And I don't intend to use archaic versions of these programs.

So I gave IE 8 more time and, well, it finally connected. Adding certificate exception and well ... started browsing https.
But talking about browsing with IE8 is just a sad joke. I don't know if it is an IE8 issue or an httpd issue, but each transaction with the server takes a hellishly long time - I could go for coffee. Moreover, each transaction ends with the httpd -S process crashed.
So, accepting certificate - crash. Need putty to raise it up.
Putting password - httpd crash. Need putty to raise it up. Again.
Opening fragment of dd-wrt gui - crash.

These are from syslog:
Dec 12 05:08:08 HOMEDEV user.err : Caught SIGSEGV (11) in matrixssl_findbuf
Dec 12 05:08:08 HOMEDEV user.err : Fault at memory location 0x00000000 due to address not mapped to object (1).
Dec 12 05:08:08 HOMEDEV user.err : Thread 1269: httpd
Dec 12 05:08:08 HOMEDEV user.err : === Context:
Dec 12 05:08:08 HOMEDEV user.err : ZERO:00000000 AT:00000000 V0:00000000 V1:00000000 A0:00000000 A1:00000000
Dec 12 05:08:08 HOMEDEV user.err : A2:00000000 A3:00000000 T0:00000000 T1:00000000 T2:00000000 T3:00000000
Dec 12 05:08:08 HOMEDEV user.err : T4:00000000 T5:00000000 T6:00000000 T7:00000000 S0:00000000 S1:00000000
Dec 12 05:08:08 HOMEDEV user.err : S2:00000000 S3:00000000 S4:00000000 S5:00000000 S6:00000000 S7:00000000
Dec 12 05:08:08 HOMEDEV user.err : T8:00000000 T9:00000000 K0:00000000 K1:00000000 GP:00000000 SP:00000000
Dec 12 05:08:08 HOMEDEV user.err : FP:00000000 RA:00000000
Dec 12 05:08:08 HOMEDEV user.err : === Backtrace:
Dec 12 05:08:08 HOMEDEV user.err : # Text at 0x003fffff is not mapped; trying prior frame pointer.
Dec 12 05:08:08 HOMEDEV user.err : # Text at 0x003fffff is not mapped; terminating backtrace.
Dec 12 05:08:08 HOMEDEV user.err : /usr/sbin/httpd[0x00000000](matrixssl_findbuf+0x0000001e)[0x0040a697]
Dec 12 05:08:08 HOMEDEV user.err : /usr/sbin/httpd[0x00000000](matrixssl_gets+0x00000022)[0x0040ab63]
Dec 12 05:08:08 HOMEDEV user.err : === Code:
Dec 12 05:08:08 HOMEDEV user.err : 0040ab20: a3c5f154 4d0cea40 653a9606 659e170b 6a01ea4b 17656a01 ea4bd213 17706500
Dec 12 05:08:08 HOMEDEV user.err : 0040ab40: f0006a03 f2140b0c f4003240 e269f00c 64f5659a d204675c 6725f130 9a4cea40
Dec 12 05:08:08 HOMEDEV user.err : 0040ab60: >653a9604 6702659e 2a099864 9843e26b 52016011 69006751 6475e8a0 9a432af5
Dec 12 05:08:08 HOMEDEV user.err : 0040ab80: 675c940a f1309a5c ea40653a 96045201 659e60eb 17ef9842 e26d6751 940c67a2

I heard that Google Chrome still supports SSLv3 but I don't use it. I didn't check with IE11 this time (no access to a proper host) but I don't suspect it to be much different. And I think both are just httpd's fault, not IE8's.

But I have found out that normal http is crashing like hell as well. I tried to configure a second bridge to isolate WLAN from LAN (Setup/Networking) and guess what? Almost each time I use "apply changes" the "httpd -p 80" process just crashes. And this time there are no entries in syslog. The process just shuts down. Finally, I didn't even finish configuring the bridge, completely discouraged from r33986. And Setup/Networking wasn't the only page where httpd was crashing so badly.
The web GUI is so unstable that I decided to return to r33607, but it might be the same, although I don't remember httpd crashing so much. Finally I will probably return to TP-LINK firmware. SSH is very convenient but I don't want it to be my main tool in communicating with the router.
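
Added example (not part of the original post, and not DD-WRT code): a small Python triage helper that groups crash-handler syslog lines like those above into one record per crash and flags a fault address in the first memory page as a likely NULL-pointer dereference. The sample lines are copied from the post; the function and field names are hypothetical.

```python
import re

# Sample lines copied from the syslog excerpt in the post above.
SAMPLE = """\
Dec 12 05:08:08 HOMEDEV user.err : Caught SIGSEGV (11) in matrixssl_findbuf
Dec 12 05:08:08 HOMEDEV user.err : Fault at memory location 0x00000000 due to address not mapped to object (1).
Dec 12 05:08:08 HOMEDEV user.err : Thread 1269: httpd
Dec 12 05:08:08 HOMEDEV user.err : === Backtrace:
Dec 12 05:08:08 HOMEDEV user.err : # Text at 0x003fffff is not mapped; trying prior frame pointer.
Dec 12 05:08:08 HOMEDEV user.err : /usr/sbin/httpd[0x00000000](matrixssl_findbuf+0x0000001e)[0x0040a697]
Dec 12 05:08:08 HOMEDEV user.err : /usr/sbin/httpd[0x00000000](matrixssl_gets+0x00000022)[0x0040ab63]
Dec 12 05:08:08 HOMEDEV user.err : === Code:
"""

PREFIX = re.compile(r"^(\w{3} +\d+ [\d:]+) (\S+) \S+ : (.*)$")
CAUGHT = re.compile(r"Caught (SIG\w+) \((\d+)\) in (\w+)")
FAULT = re.compile(r"Fault at memory location (0x[0-9a-fA-F]+)")
THREAD = re.compile(r"Thread (\d+): (\S+)")
FRAME = re.compile(r"^(\S+)\[0x[0-9a-f]+\]\((\w+)\+(0x[0-9a-f]+)\)\[(0x[0-9a-f]+)\]$")

def parse_crashes(text):
    """Return one dict per 'Caught SIG...' record found in the syslog text."""
    crashes, cur = [], None
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        stamp, host, msg = m.groups()
        if (c := CAUGHT.search(msg)):
            # A new crash record starts at each "Caught SIG..." line.
            cur = {"time": stamp, "host": host, "signal": c[1],
                   "function": c[3], "frames": []}
            crashes.append(cur)
        elif cur is None:
            continue  # crash-handler line without a preceding header
        elif (f := FAULT.search(msg)):
            cur["fault_addr"] = int(f[1], 16)
            # An address inside the first 4 KiB page is almost always NULL (+ small offset).
            cur["null_deref"] = cur["fault_addr"] < 0x1000
        elif (t := THREAD.search(msg)):
            cur["pid"], cur["process"] = int(t[1]), t[2]
        elif (fr := FRAME.match(msg)):
            cur["frames"].append((fr[2], int(fr[3], 16)))  # (symbol, offset)
    return crashes
```

Run over the excerpt, this yields a single SIGSEGV record for httpd with matrixssl_findbuf as the faulting function, called from matrixssl_gets, at address 0.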
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

Posted: Tue Dec 12, 2017 7:57
well, bold claim as I use new FFx to connect and it works with http, https, so again it's not what you think and claim...
did you try to clear your browser cache...do you have any browser specific settings or any anti-malware/virus programs that may restrict you, try to eliminate any cause....

Good job you've found it on svn as router specific error, you should've done this before you start that saga, I doubt the Devs will pay attention to it anyway...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
c7rax
DD-WRT Novice


Joined: 09 Nov 2017
Posts: 44

Posted: Tue Dec 12, 2017 9:59
Alozaros wrote:
well, bold claim as I use new FFx to connect and it works (...)Good job you've found it on svn as router specific error, you should've done this before you start that saga, I doubt the Devs will pay attention to it anyway...


Well, both sentences contradict each other. I am a normal user, not a coder. It is like how the user of a car doesn't have to know every technical aspect of automobile technologies to claim that his car works badly or at least not properly.

I really appreciate all the help, but you are giving opinions based on your devices, which are totally different. 8mb routers and above are free of the SSLv3 limit and obsolete matrixssl. 4mb routers as well, but not every one of them. As you see in the syslog, I have matrixssl in my device.

No, I didn't clear the browser cache, as I practically never need to do that, and 50% of the websites I am using are https only and I never had any issues.
Prove to me that not clearing the browser cache has any influence on crashing httpd itself. I would kill half of the internet services around the world if one browser were able to do this.

Someone, someday will probably repair this or maybe won't repair. It is free software with open sources so I can't demand any fixes.

I will check a few things in r33607 and will probably return to the latest TP-LINK firmware. Current DD-WRT builds have great capabilities but are clearly not for the WR841N with 4mb flash.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

Posted: Tue Dec 12, 2017 11:32
many bugs are due to browser cache.. I clear my FFx regularly and use it only for DD-WRT access...
and yes I've tested it on all my routers as well as on the 740nd which has 4mb flash too ;) all working with FFx, that's why I was sceptical that you ran out of options and tested it correctly...
As well, yes, it's good to read and learn/test before you post and complain it's not working...
I lost time to test it and have found the opposite, it's working...for me, that's why I've said it's very very router specific...error
personally I do not care about local https access and I'm not paranoid about someone on the local side sniffing my pass and gaining access over GUI, as I stated above there are other different ways to limit GUI access, so even if someone has my password, which I doubt, he can stick it in his .....s

Also to not be surprised 841 has very basic use and due to its small flash size many features are stripped off, the
tendency is those small flash size routers to become obsolete as they do not have enough CPU and flash size to
care the modern router demands and utilisation of high speed WAN connections...

c7rax
DD-WRT Novice


Joined: 09 Nov 2017
Posts: 44

Posted: Tue Dec 12, 2017 15:25
Alozaros wrote:
many bugs are due to browser cache.. I clear my FFx regularly and use it only for DD-WRT access...
and yes I've tested it on all my routers as well as on the 740nd which has 4mb flash too ;) all working with FFx, that's why I was sceptical that you ran out of options and tested it correctly...


Knowing what to look for, I have found more posts from people with a WR841N and non-working https. If your WR740N with 4mb is working with Firefox and https then you are the lucky one whose WR740N has been properly fixed/updated.
I think there is really no need to look into it further - non-working https is really the least issue here.
The worse thing is http crashing miserably.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

Posted: Tue Dec 12, 2017 16:25
yep true that...for old routers nobody cares anymore, it seems slowly but surely the Devs are pointed to more modern devices and those routers become obsolete as I said..
for crashing httpd try to run this either on start up script
or via telnet/ssh

stopservice httpd
startservice httpd

sometimes it temporarily fixes httpd crashes but not always...
by the way stock firmware for 841 is much more vulnerable and not updated than DD-WRT....

c7rax
DD-WRT Novice


Joined: 09 Nov 2017
Posts: 44

Posted: Wed Dec 13, 2017 10:53
Alozaros wrote:

stopservice httpd
startservice httpd

That is what I always do when httpd is no longer in the process list and not working. The weird thing is that when httpd has closed itself (no longer shown by ps) then startservice httpd alone is not enough, it won't raise httpd. There is probably some lock switch which doesn't fall down when httpd crashes.

Alozaros wrote:

by the way stock firmware for 841 is much more vulnerable and not updated than DD-WRT....

The last version is from February 2017, and this is why I still want to have dd-wrt here instead of TP LINK.

BTW, I returned to r33607 and mostly configured the router - still some issues. Without https of course. Didn't even bother to check this again.
In my own opinion httpd crashes much less and is more stable than in r33986, still mostly with bridge configuration. But it can be related to any changes made in r33986 instead of httpd itself.
Even ssh connections are sometimes bricked when "apply changes" is chosen. Don't know why, but I don't need to raise sshd so it is no big problem.
Revvers
DD-WRT Novice


Joined: 07 Dec 2021
Posts: 1

Posted: Tue Dec 07, 2021 22:46
Sorry to re-enter but it might help someone.

This happens when we disable HTTP access in the router configuration in Administration> Management> WebAccess protocol.

1. If telnet is available, type "startservice httpd".
2. If not, and we have telnet access, try SSH root@192.168.XX.1 (either system password or your own password). Using the "ps" command will display a list of processes. In my case I left HTTPS enabled, so in the list I only have "httpd -S", to enable plain HTTP I enter "httpd -p 80".

At this point, the GUI should be working. You should enable HTTP in your configuration and save it to avoid this problem after restarting the router.
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

Posted: Tue Dec 07, 2021 23:08
Mods will probably lock this, but the recommended solution would be to upgrade to a newer build at this point in 2021
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

Posted: Wed Dec 08, 2021 17:39
Wildlion wrote:
Mods will probably lock this, but the recommended solution would be to upgrade to a newer build at this point in 2021


It's hard to believe people choose to spend their free time supporting obsolete and unsupported builds, but it is their choice. I fully agree with updating to a recent build with full nvram reset and not restoring old nvram backups.

I do recommend dumping the nvram to text file via ssh/telnet nvram show > /tmp/nvrambackup.txt for better setup as previous with human readable references.

Also, restarting httpd is very simple: restart httpd is all you need.

Take care now,

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

Posted: Wed Dec 08, 2021 17:49
Not going to back-track to the original issue here via commits; completely unnecessary. But I did notice that there was a recent commit regarding an ssl issue https://svn.dd-wrt.com/changeset/47819 as well as another for fixing other things due to other issues being worked on https://svn.dd-wrt.com/changeset/47822 (unrelated, but). This thread could likely be closed out or split (without removal of anyone's posts this time, please).
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net