SOLVED unable access web ui error

[Gordon Threlkeld]

Recently upgraded from freenas 11.3 to TrueNAS Core 12-U8.1 everything was working well until the USB drive I was booting from corrupted after a power outage. Unable to repair so I installed new SSD drive and installed TrueNAS Core 12.0-U8.1. Install goes without error and after reboot and setting network configuration TrueNAS is inaccessible. I get following error:
An error occurred during a connection to xxx.xxx.xxx.xxx. Peer using unsupported version of security protocol.
Error code: SSL_ERROR_UNSUPPORTED_VERSION

Also unable to access by SSH

 

[Samuel Tai]

Browsers stopped supporting TLSv1.0 due to weak security. You'll need to configure TrueNAS to use TLSv1.3 via midclt call system.general.update '{ "ui_httpsprotocols": [ "TLSv1.3" ] }'.

SSH also needs to be enabled via midclt call service.update ssh '{ "enable": true }', and then started midclt call service.start ssh.

Note, you'll need to enter all this from the console shell (option 9 from the boot menu).

 

[Gordon Threlkeld]

Thank you for your response. I entered both of those command lines from the shell and it has not made any difference. The error message changed slightly:
Error code: SSL_ERROR_UNSUPPORTED_VERSION

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

This website might not support the TLS 1.2 protocol, which is the minimum version supported by Firefox.

SSH reports Access Denied

 

[Samuel Tai]

OK, change the HTTPS protocol to TLSv1.2 to see if Firefox will be happier with that. Remember to have Firefox accept the TrueNAS self-signed certificate.

 

[Gordon Threlkeld]

I changed it to TLSv1.2 and tried again. After accepting the certificate I got the following:
Error code: SSL_ERROR_UNSUPPORTED_VERSION

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

This website might not support the TLS 1.2 protocol, which is the minimum version supported by Firefox.

 

[Samuel Tai]

Are you including the single quotes and brackets with the midclt call? Does midclt call system.general.config | jq show the correct value for ui_httpsprotocols?

 

[Gordon Threlkeld]

Yes I typed exactly as you listed with all single quotes, double quotes, curly brackets and square brackets: ' " {} []
when I entered midclt call system.general.config | jq command it scrolled by so quick I don't know if it showed ui_httpsprotocols.

 

[Gordon Threlkeld]

Ok, I figured out how to scroll up and it shows ui_httpsprotocols as TLSv1.2

 

[Samuel Tai]

OK, that's correct then. Firefox is complaining it can't validate the self-signed cert. Try a different browser.

As for SSH, you may need to set a password for root. If midclt call user.has_root_password returns False, then you'll need to run midclt call user.set_root_password. Then for SSH, enable midclt call ssh.update '{ "rootlogin": true, "passwordauth": true }'.

 

[Gordon Threlkeld]

Tried firefox, edge, chrome and vivaldi browsers, same response in all
has_root_password was True, set rootlogin and passwordauth True, and still "Access Denied", although I have been getting Putty Security Alert heach time:
The first key-exchange algorithm supported by the server is diffie-hellman-group-sha1, which is below the configured warning threshold.
Do you want to conue with this connection?
I click yes then get login prompt and Access Denied after entering password.

 

[Samuel Tai]

This sounds like a corrupt installation. It's not supposed to be this hard. Try reinstalling.

Also be sure you're using the latest version of PuTTY.

 

[Gordon Threlkeld]

Ok, thanks for all you help!

 

[Gordon Threlkeld]

Ok, I finally got everything working again. Turned out that my PC that I created the Truenas installation media had numerous corruptions from a power outage. Once I fixed that I was able to create a new Truenas install media and it all worked as expected.

Thank you so much for all your help.