Huh? No security is better than old security?

To add a little better WiFi coverage in the new house I decided to pull an old Cisco/Linksys access point out of retirement and install it in the garage.

Easy, peasy. Just mount it to the wall, connect the network cable to the new CAT6 outlet, plug in the power. Voila! Expanded WiFi coverage is done.

But a quick check with a WiFi analysis app on my phone showed that it was on the same channel as most of my neighbors. I thought I ought to change that to a lesser used channel to get better performance.

Can’t Connect to Administration Pages

But I couldn’t connect to the management page using Safari on my new laptop. Keep saying something like “Safari can’t establish a secure connection to the server.”

Oh, well. Take the laptop out to the garage, reset the AP, plug in the laptop directly and do a full setup on it. The last thing I did on configuring it was to disable HTTP and enable HTTPS on the management page.

Protecting Me From Myself

Now I can’t connect to it again. Same unhelpful message from Safari. And a similar unhelpful message from Firefox. Try it with my Android phone and finally the light dawns: “net::ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION”. It might be a geeky message of the type that Apple doesn’t want its users to be confused by, but it did tell me what the issue is.

So my options are to have an insecure management page on this AP or not be able to access the management page at all. How is requiring me to use no SSL/TLS better than allowing me to use an old version?

I guess I should see if Cisco has released any newer firmware for this box. Maybe they have and it supports a newer version of SSL/TLS. But if not, it is not worth replacing the AP. Probably ought to just disable management from the WiFi side of things and assume that everyone on my hardwired LAN, including young guests, is trustworthy.