All, To follow up on this, I've had a couple messages sent to me and I've confirmed this my self that there is only a single item to remove from your java.security file to retain the IDRAC6 functionality.
*jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \* * EC keySize < 224, DES40_CBC, RC4_40*, 3DES_EDE_CBC *need to be changed to* *jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \* * EC keySize < 224, DES40_CBC, RC4_40* *Effectively it's only `3DES_EDE_CBC` instance should be removed from this directive and nothing more.* Additionally i would reccommend you make the following change in the IDRAC webpage: iDRAC Settings --> Network/Security --> Services: Change the SSL Encryption to 256-bit or higher. This doesn't negate the above change thats needed in your java.security file until Dell makes a Fix. (Thanks to Ivan & Libor for the notes) Josh On Thu, May 10, 2018 at 9:28 AM, Gould, Josh <jago...@cswas.com> wrote: > Same problem with IDRAC6, 7, and 8 with latest Java. Upgrade to IDRAC 7&8 > fixes it for them, but IDRAC 6 still doesnt' work. > > Work around is to disable some of the security settings for JAVA in your > java.security file: > > I commented out the following lines: > #jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \ > # RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224 > > #jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < > 1024 > > #jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ > # EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC > > #jdk.tls.legacyAlgorithms= \ > # K_NULL, C_NULL, M_NULL, \ > # DH_anon, ECDH_anon, \ > # RC4_128, RC4_40, DES_CBC, DES40_CBC, \ > # 3DES_EDE_CBC > > Everything worked perfectly after words. Keep in mind though, this does > lower your security of JRE, use at your own risk. > > > -Josh > > On Thu, May 10, 2018 at 8:30 AM, <linux-poweredge-requ...@dell.com> wrote: > >> >> >> On 09/05/18 17:54, R S wrote: >> > I'm having problems Lauching Console in an iDRAC6 on a >> > R710 with BIOS 6.5.0 and iDRC 2.90 >> > It errors out: >> > >> > >> > Tried with 3 different browser on 3 different OS and they >> > all fail.? >> > >> > I'm going to downgrade to 2.85 first and see if it >> > connects. If not I'm going to downgrade BIOS to 6.4.0 >> > >> > Is DELL planning to update the cert that will expire in >> > about 7 month. Just a heads up as thing take time.... >> > >> > >> > On Wed, May 9, 2018 at 6:04 AM, lejeczek >> > <pelj...@yahoo.co.uk <mailto:pelj...@yahoo.co.uk>> wrote: >> > >> > guys, can you get to "virtual console" in your >> > iDrac(2.90 (Build 04))? >> > It seems to me 3.4.0 BIOS has broken something. >> > >> > many thanks, L. >> > >> > _______________________________________________ >> > Linux-PowerEdge mailing list >> > Linux-PowerEdge@dell.com <mailto:Linux-PowerEdge@dell.com> >> > https://lists.us.dell.com/mailman/listinfo/linux-poweredge >> > <https://lists.us.dell.com/mailman/listinfo/linux-poweredge> >> > >> > >> > >> > >> > -- >> > Tech III * AppControl * Endpoint Protection * Server >> > Maintenance >> > Buncombe County Schools Technology Department Network Group >> > ComicSans Awareness Campaign <http://comicsanscriminal.com> >> >> >> >> Message: 3 >> Date: Thu, 10 May 2018 14:30:29 +0200 >> From: Peter Holl <peter.h...@pnsensor.de> >> To: linux-poweredge@dell.com >> Subject: [Linux-PowerEdge] iDRAC 6 enterprise console not working with >> newest java >> Message-ID: <75818d38-2260-4130-c554-f8e094c00...@pnsensor.de> >> Content-Type: text/plain; charset="utf-8"; Format="flowed" >> >> Hello, >> >> after updating from Java 8/162 to 8/171 I can't connect to the console >> using the Virutual Console Client (i.e, by opening the downloaded >> viewer.jnlp). >> >> The screenshot shows the "Connection failed." message I got. >> >> I this on tested this in various combinations, with two R610 as iDRAC >> "server", and connecting to the them from windows and macos systems. >> Finally I found a macbook with an older Java and there it still works. >> >> >> Any known cure? Otherwise it would be a service call since my machines >> are in ProSupport. >> >> >> Thanks in advance, >> Peter >> >> Peter Holl >> PNSensor GmbH >> Otto-Hahn-Ring 6 >> 80798 M?nchen >> -------------- next part -------------- >> A non-text attachment was scrubbed... >> Name: Screen Shot 2018-05-10 at 1.26.25 PM.png >> Type: image/png >> Size: 16382 bytes >> Desc: not available >> URL: <http://lists.us.dell.com/pipermail/linux-poweredge/attachme >> nts/20180510/5c526396/attachment.png> >> -------------- next part -------------- >> A non-text attachment was scrubbed... >> Name: peter_holl.vcf >> Type: text/x-vcard >> Size: 361 bytes >> Desc: not available >> URL: <http://lists.us.dell.com/pipermail/linux-poweredge/attachme >> nts/20180510/5c526396/attachment.vcf> >> >> ------------------------------ >> >> Subject: Digest Footer >> >> _______________________________________________ >> Linux-PowerEdge mailing list >> Linux-PowerEdge@dell.com >> https://lists.us.dell.com/mailman/listinfo/linux-poweredge >> >> ------------------------------ >> >> End of Linux-PowerEdge Digest, Vol 168, Issue 7 >> *********************************************** >> > >
_______________________________________________ Linux-PowerEdge mailing list Linux-PowerEdge@dell.com https://lists.us.dell.com/mailman/listinfo/linux-poweredge
