These forums are locked and archived, but all topics have been migrated to the new forum. You can search for this topic on the new forum: Search for [Solved] SSL Cipher mismatch can't get to port 10000 on the new forum.
I changed SSL CipherSuite at 1:30am and am now locked out of Webmin/Virtualmin port 10000 with a ERR_SSL_VERSION_OR_CIPHER_MISMATCH (in Chrome - similar errors in Firefox and Safari)
I reverted the changes to /etc/apache2/apache2.conf and /etc/apache2/mods-enabled/ssl.conf so my sites are back up, but I can't get to port 10,000, I remember reading that there is a separate web server for Webmin but can't find details.
I can SSH into the server but GUI is out.
Have you tried ssh in and restarting webmin? On Ubuntu its 'sudo service webmin restart'. ANd check if port 10000 is listening with 'netstat -lN'. Thats small L big N. Should see something like
'tcp 0 0 0.0.0.0:webmin 0.0.0.0:* LISTEN'
OR... Create an SSH tunnel and try connect to webmin via localhost? Maybe can get in that way if its a firewall issue.
ssh -D:port username@server.com Example ssh -D:2000 admin@server.com
Then set your browser to use socks5 proxy on 127.0.0.1:2000, But be sure 127.0.0.1 is not in the 'No Proxy for' list as is by default for firefox.
All browser traffic should now go through the ssh tunnel and give access to webmin as if you where on the local machine. Browse to https://127.0.0.1:10000.
I restarted webmin (I'm on Ubuntu 16.04)
# netstat -lN | grep webmin
tcp 0 0 0.0.0.0:webmin 0.0.0.0:* LISTEN
I can't see how it's a firewall issue as the error is not access, but SSL Version or Cipher Mismatch and that was what I was adjusting when I broke it. I can get to port 20000. If I go to port 10000 on any of the domains hosted by that server I get the SSL Mismatch.
Just in case I've opened up port 10000
$ iptables -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
This site can’t provide a secure connection
srv1.domain.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
HIDE DETAILS
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.
Looking at Apache configs I can see ports 80 and 443 configured. What and where is the configuration for port 10000? That's the broken cipher/version setup that I changed in Webmin > Webmin Configuration > SSL Encryption > Allowed SSL ciphers > Listed Ciphers
Fixed it! Webmin runs it's own perl web server
# nano /etc/webmin/miniserv.conf
Then I edited the line to be
ssl_cipher_list=ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:RC4:HIGH:MEDIUM:+TLSv1:+TLSv1.1:+TLSv1.2:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!AESGCM
Finally
service webmin restart
How did I find it?
netstat -nap
gave me perl listening on port 10000. Then
ps -ef | grep perl
/usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
gave me the configuration file.