This is a great storage device if you’re on the local network, but if you want to access your files outside of the network it’s pretty poor compared real cloud storage service providers.
Here’s the latest I’m getting when trying to access WD2Go.com
Secure Connection Failed
An error occurred during a connection to klevermedia-device2001238.wd2go.com. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Same thing for Opera too, I hope there is a fix coming for this guys as I’m sure many customers use this product for it’s cloud services.
–
Server has a weak ephemeral Diffie-Hellman public key
This error can occur when connecting to a secure (HTTPS) server. It means that the server is trying to set up a secure connection but, due to a disastrous misconfiguration, the connection wouldn’t be secure at all!
In this case the server needs to be fixed. Opera won’t use insecure connections in order to protect your privacy.
No problems accessing a remote WD drive through WD2Go.com with Firefox 39.0 on a Windows 7 x64 box. I do get a series of security warning screens (see below) that I have to proceed through dealing with the WD2Go.com security certificate. I have to click on “I Understand the Risks”, then “Add Exceptions”, then “Confirm Security Exceptions”.
I think the problem is the “I understand the risks” bit. The average WD user probably doesn’t understand the risks; I’m not sure I do… And, sensibly, if the average user doesn’t understand the risks, they are choosing not to create an exception, because they’re not sure that it is safe to do so. If a browser warns me about SSL security, and tells me “legitimate banks, stores and other public websites will not ask you to do this”, it doesn’t give a very warm feeling about WD’s security, does it…?
My suspicion is that each MyCloud would require a unique certificate, and verifying those certificates is the problem. It’s probably okay…
Anyone have a good understanding of this issue, or know of a WD white paper on the problem?
I’m using a Mac, Yosemite OSX. I used to just be able to bypass the security warning in Firefox but now it doesn’t give me the options, the same applies for opera.
I think the problem is the “I understand the risks” bit. The average WD user probably doesn’t understand the risks; I’m not sure I do… And, sensibly, if the average user doesn’t understand the risks, they are choosing not to create an exception, because they’re not sure that it is safe to do so. If a browser warns me about SSL security, and tells me “legitimate banks, stores and other public websites will not ask you to do this”, it doesn’t give a very warm feeling about WD’s security, does it…?
My suspicion is that each MyCloud would require a unique certificate, and verifying those certificates is the problem. It’s probably okay…
Anyone have a good understanding of this issue, or know of a WD white paper on the problem?
Yeah the wording will probably confuse people just as some get confused by the wording of similar certificate warning messages that crop up when logging in remotely with the WD My Cloud Desktop app.
My guess is that it would cost too much money, since SSL certs are often done on a yearly or multi year basis, for WD to obtain the proper certificates for each “cloud” device they sell. It would probably happen that WD would have to institute a yearly recurring charge the customer for the cert fee, or the customer would have to pay the yearly fee to renew the security cert. By going the WD2Go.com route it allows them to have one SSL cert that all their consumer “cloud” devices can use but the trade off is the annoying and at times confusing messages people get when using the WD2Go.com site or the WD My Cloud Desktop app.
I’m using a Mac, Yosemite OSX. I used to just be able to bypass the security warning in Firefox but now it doesn’t give me the options, the same applies for opera.
A possible workaround, per this Mozilla support link, is to add the wd2go.com domain to the “security.tls.insecure_fallback_hosts” entry in FireFox’s about:config page. Its possible Opera has a similar configuration entry that would need to be updated.
