On Tue, 5 Apr 2016, john wrote:
> iDRAC6 works fine on latest Java (8u77) / Windows 7 here. You need to add the
> URL of the DRAC to the Java exception list though in control panel, or edit
> this file:
> C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites
>
> DRAC5 Java console also uses SSLv3 which is disabled by default in newer Java
> versions. You will also need to re-enable it again by editing the file:
> C:\Program Files\Java\%java_version%\lib\security and commenting out this
> line with a # at the start:
>
> jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
>
> Bear in mind this might leave you vulnerable to SSL vulnerabilities if you
> access untrusted Java content. You will also need to redo this every time
> there is a Java update as it installs new files in a different version
> directory.

Have started having SSL issues again on some of the DRACs and finally found the solution to this again which I thought I'd share. This would affect some DRAC5 and iDRAC6 but not all of them.

Took a while to figure this one out but it's down to Java again SSL. On connecting to the remote console from the iDRAC, Java would throw out an error:

"Error when reading from ssl socket connection"

I verified that we had commented out the disabledAlgorithms in java.security and that the IP/hostname was in the exceptions list.

It looks like some of the certs have an older SSL certificate signed by an older chain that is being rejected by Java. Java console logged:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints

To fix this I had to comment out both of these lines

jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

in java.security located at:

C:\Program Files\Java\%java_version%\lib\security\java.security

I guess this could also be fixed by updating your SSL cert+chain to a newer one but I've had issues trying to do that before.

This will leave your Java vulnerable to some weak SSL issues but I'd recommend you run a machine/vm purely for DRAC access if possible to avoid this issue.

john

_______________________________________________
Linux-PowerEdge mailing list
Linux-PowerEdge@dell.com
https://lists.us.dell.com/mailman/listinfo/linux-poweredge
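
An added example, not part of the original post: a small audit that reads the text of a `java.security` file and reports whether the two properties named above are still active, so machines other than the dedicated DRAC box can be checked for the relaxed settings. `BASELINE` holds only the values quoted in the post and is matched literally, so adjust it to the defaults of the installed Java release; `SAMPLE` is constructed input and the function names are hypothetical.

```python
import re

# Baseline entries copied from the two lines quoted in the post.
BASELINE = {
    "jdk.tls.disabledAlgorithms": ["SSLv3", "RC4", "DH keySize < 768"],
    "jdk.certpath.disabledAlgorithms": ["MD2", "MD5", "RSA keySize < 1024"],
}

# Constructed sample of an edited java.security (not a real file).
SAMPLE = """\
#jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
jdk.certpath.disabledAlgorithms=MD2, \\
    RSA keySize < 1024
"""

def parse_properties(text):
    """Return active key/value pairs; skips comments, joins '\\' continuations."""
    props = {}
    lines = iter(text.splitlines())
    for raw in lines:
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        while line.endswith("\\"):
            line = line[:-1].rstrip() + " " + next(lines, "").strip()
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def norm(entry):
    # Collapse whitespace and case so "RSA  keySize<..." variants compare equal.
    return re.sub(r"\s+", " ", entry.strip()).lower()

def audit(text):
    """Map each baseline property to a list of findings (empty list = OK)."""
    props = parse_properties(text)
    report = {}
    for key, expected in BASELINE.items():
        if key not in props:
            report[key] = ["property not active (commented out or removed)"]
            continue
        active = {norm(e) for e in props[key].split(",")}
        report[key] = [f"missing entry: {e}" for e in expected if norm(e) not in active]
    return report

if __name__ == "__main__":
    for key, findings in audit(SAMPLE).items():
        print(key, "->", findings or "OK")
```

To check a real installation, pass the contents of its `java.security` file to `audit()` in place of `SAMPLE`.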