Why can’t I access my router’s configuration page via https?

By Posted on

Problem :

I have a TP-Link router and I tried accessing the configuration page (192.168.0.1) via https, but could not. It only works via http.

Does this happen with any router or is it just mine (or maybe just TP-Link)?

I’ve googled this issue a lot and I can’t seem to find anything related to this subject

Solution :

If tp-link doesn’t support HTTPS

You can look into dd-wrt which supports HTTPS

Following list has supported devices by dd-wrt
http://www.dd-wrt.com/wiki/index.php/Supported_Devices

If your device is supported you can flash it and install DD-WRT

TP-Link (as with many or most other home router manufacturers) are pretty lame on security. Along with this lack of https, their password limitations for your router admin account, is maximum 14 character alphanumeric, (thus crackable, arguably, and certainly artifically-limited in length). Sometimes they have weird limitations on the ASCII characters for WiFi passwords, too, even though the WiFi standard doesn’t have these limitations (IIRC).
The https is not such a big deal, as typically it would be a self-signed certificate (and thus already-leaked all over the web and MiTM-able for any half-serious attacker, as far as I know).
Sorry this isn’t a solution, but the solution is in new third-party firmware (and testing it to see that it does what it claims to do, security-wise).

HTTP and HTTPS aren’t interchangeable simply because one works. They are two different protocols, whilst both use HTTP to transfer data, HTTPS does this over a secure sockets layer.

Whilst the difference looks like a simple addition of the letter S, a lot more is going on. The server needs to be able to provide this particular service, many routers do not as the data isn’t usually important enough to warrant the additional encryption (the most important data it’ll be handling for most end users would be a Wi-Fi PSK, or an ADSL password).

As such, unless you’re using a router that happens to have this somewhat trivial level of web management security, or it’s an enterprise level router, you won’t have this feature.

Just so you’re aware, you will get a page not found message, as:

HTTP, by default, is listening on port 80.
HTTPS, by default, listens on port 443.

When sites use HTTPS, your browser will interpret this to mean https://192.168.X.X:443, as opposed to http://192.168.X.X:80.

As it’s not listening on port 443, there’s nothing to connect to, so it returns that no page is available.

As for what you can do about it, there are a few alternative firmwares, such as DD-WRT, Tomato or Open-WRT which may provide what you want.

Leave a Reply

Your email address will not be published. Required fields are marked *