DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Disabled TLS and have locked myself out of 2860 :o(

  • toff
  • Topic Author
  • User
20 Sep 2018 02:31 #1 by toff
Hi all,

I have been using HackerGuard to run a PCI compliance test on the public IP of a DrayTek 2860 (firmware last brought up to date about 2-3 months ago after the security scare).

The network scan kept coming back as a failure because HackerGuard detects old versions of TLS on the router. I had already unticked TLS version 1.x in the management page but the scan still came back as a fail.
I finally unticked TLS 1.2 (so no TLS options were ticked) and saved the config... now I can't get back into the router :( (I'm trying to access from the LAN via TeamViewer - the router is still routing traffic normally).

I'm pretty certain Telnet / SSH are disabled on this 2860. Is my only hope of getting back into the router (whilst preserving the config) to disable all cipher suites in my browser (not sure if this is possible) or connect from a LAN PC running an old version of Windows / with an old browser that doesn't demand TLS?

Or is there no choice but to reset the router to factory defaults?

Any advice appreciated.
Toff

23 Sep 2018 16:08 #2 by spellbinder
Hello =)

You disabled TLS v1.2, which is the highest version... You should only disable SSL3.0 and TLS1.0, leaving TLS 1.1 and 1.2 activated.

What you can do, if possible, is to access the LAN remotely, access the web page of the router via HTTP and reactivate the settings.


  • manicguitarist
  • User
07 Oct 2018 19:49 #3 by manicguitarist
Replied by manicguitarist on topic Re: Disabled TLS and have locked myself out of 2860 :o(
Or fire up a virtual machine of Windows XP and use an old browser to get to it?
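
Added example, not part of any post in this thread: a Python check, run from a LAN PC before and after changing the TLS tick boxes, that reports which protocol versions the router's HTTPS management port still accepts and flags both the scan failure and the lockout described above. The names `probe` and `review`, and port 443 as the management port, are assumptions of this sketch.

```python
import socket
import ssl
import sys

# Versions named in the thread. SSL 3.0 is left out because current
# OpenSSL builds cannot speak it, so a probe would prove nothing.
VERSIONS = {"TLS 1.0": ssl.TLSVersion.TLSv1,
            "TLS 1.1": ssl.TLSVersion.TLSv1_1,
            "TLS 1.2": ssl.TLSVersion.TLSv1_2}

def probe(host, port=443, timeout=5.0):
    """Map each version to accepted / rejected / unreachable / client-cannot-test."""
    results = {}
    for name, version in VERSIONS.items():
        try:
            raw = socket.create_connection((host, port), timeout=timeout)
        except OSError:
            results[name] = "unreachable"       # no TCP service at all
            continue
        with raw:
            try:
                ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
                ctx.check_hostname = False      # router certs are usually self-signed;
                ctx.verify_mode = ssl.CERT_NONE # only the protocol version matters here
                ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # let the client offer old TLS
                ctx.minimum_version = version
                ctx.maximum_version = version   # pin the handshake to one version
            except (ValueError, ssl.SSLError):
                results[name] = "client-cannot-test"    # local OpenSSL lacks it
                continue
            try:
                with ctx.wrap_socket(raw, server_hostname=host):
                    results[name] = "accepted"
            except OSError:                     # ssl.SSLError, reset or timeout
                results[name] = "rejected"
    return results

def review(results):
    """Findings that follow the advice given in the thread."""
    accepted = {v for v, state in results.items() if state == "accepted"}
    findings = []
    if "TLS 1.0" in accepted:
        findings.append("TLS 1.0 still accepted: old TLS is still exposed")
    if not accepted & {"TLS 1.1", "TLS 1.2"}:
        findings.append("no TLS 1.1/1.2 accepted: HTTPS management lockout risk")
    return findings

if __name__ == "__main__" and len(sys.argv) > 1:
    outcome = probe(sys.argv[1])
    print(outcome, review(outcome), sep="\n")
```

A "rejected" result for every version together with a reachable port is the state described in the first post: the service is up but no protocol version is left enabled.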