Hi,

I have a 2820n with firmware version 3.3.8_2471201.

I want to force local web admin to use a secured (TLS1.2) https connection, but can't figure-out how.

Anyone know if that can be done? If so, how?

TLS 1.2 support was added to the 2820 with firmware 3.3.7.7 (January 2016). I don't think it's possible to select which TLS version this router uses like you can on the 2860 for instance, but to enable TLS support go to System Maintenance > Management and make sure that Enable SSL 3.0 is unchecked.

John.

Thanks.

Following your suggestion, I have now enabled SSL3.0 in 'System Maintenance > Management'. The 2820n then rebooted after a warning that enabling SSL3.0 might cause security problems (!). After re-booting, web login is still unsecured.

What do I now configure to get the local web login page to default to https:?

My 2820 user guide (v 3.2) shows a section entitled 'HTTPS Encryption Setup' under 'System Maintenance'. But I don't see that on my 2820n. Is it only available for some 2820 variants, but not all?

John: having re-read your post I see you said uncheck enable SSL 3.0. So I have reverted, and am back where i started!

Martin

OK no problem. First the Enable SSL 3.0 should be unchecked (disabled). The 2820 is now a venerable old router, and does not have all the features available for the newer routers, so you will have to work around some of the short comings.

In System Maintenance > Management, there is a section called Management Port Set Up. Make sure this is set to User Define Ports, and alter the port for HTTP to something like 1212. This will stop web browsers from finding the Router Login page using the unencrypted HTTP protocol (Unless someone knows the port you have set it to). On later routers there is a tick box to enforce HTTPS Access, so this work round is unnecessary.

In order to access the router you should now type HTTPS://192.168.1.1 into your web browsers address bar (or whatever the IP address is of your router) and press enter.

The first time you try to access the router your web browser will throw an error saying the site is not secure. This is because the router is using a self signed certificate which your browser does not trust. You then need to tell the browser to create an exception for this site, and it should then display the Router login screen. I would create a bookmark/favourite in your browser at this point to make it easier to access the router in the future.

Depending on which browser you are using, the address bar may show Insecure, HTTPS with strike through (Chrome), or a padlock with a yellow exclamation mark (Firefox). The connection, however, IS encrypted and secure. The warnings are there because the certificate wasn't signed by a trusted root authority.

John.

That worked. Many thanks.

Martin