Unable to Browse to AudioCodes Mediant via HTTPS?

Hi All,

Over the past few years browsers such as Chrome or Firefox have started deprecating known vulnerabilities in SSL/TLS encryption – vulnerabilities that can break the encrpytion. Where this post’s issue lies is that IETF have prohibited the use of RC4.

The Issue

Now, what happens if you need to access something via HTTPS, say an AudioCodes that uses the RC4 cipher? You will probably be presented with an error such as in Chrome: “ERR_SSL_VERSION_OR_CIPHER_MISMATCH”. This is effectively saying the browser does not support any ciphers being offered from the HTTPS sever.

At this point we have two options:

  1. Install an older browser that supports RC4 (please don’t do this, it’s disabled for a reason).
  2. Change the cipher suite on the AudioCodes to support a cipher other than RC4.

Enabling Another Cipher

Let’s go with option 2, shall we?

  1. As we cannot browse to the device, we will need to SSH (or Telnet if SSH is disabled) to the Mediant instead. You should be able to login using the same credentials you use via the webpage.
  2. From the prompt enter enable mode and enter the enable password (in default this is “Admin”).
  3. If you are in enable mode you will now have a “#” at the end of the prompt.
  4. We now enter the system configuration
  5. Then in to the web server configuration.
  6. Change the HTTPS cipher string to “RC4:AES128” – this is the default string on newer builds of AudioCodes software. It is in OpenSSL format and adds AES128 in addition to RC4.
  7. Exit the web configuration and exit system configuration.
  8. Now go in to the voip configuration.
  9. Then enter tls configuration (if this is not found you might be on an older build and will need to find this under system configuration).
  10. Change the server ciphers to match the HTTPS ciphers.
  11. Exit the tls and voip configuration.
  12. Reload (reboot) the system for changes to take effect.

After the reboot you should now be able to login via HTTPS.

Leave a Reply