Thanks for this information. I'd like to point out that 3DES is considered weak, so enabling it should be a last resort. I sincerely hope Dell will keep their SSL/TLS stuff up to date: it changes all the time.
Cheers, Onno > On 15 May 2018, at 20:17, Gould, Josh <[email protected]> wrote: > > All, > To follow up on this, I've had a couple messages sent to me and I've > confirmed this my self that there is only a single item to remove from your > java.security file to retain the IDRAC6 functionality. > > jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ > EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC > > need to be changed to > > jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ > EC keySize < 224, DES40_CBC, RC4_40 > > Effectively it's only `3DES_EDE_CBC` instance should be removed from this > directive and nothing more. > > > Additionally i would reccommend you make the following change in the IDRAC > webpage: > iDRAC Settings --> Network/Security --> Services: Change the SSL Encryption > to 256-bit or higher. > This doesn't negate the above change thats needed in your java.security file > until Dell makes a Fix. > > (Thanks to Ivan & Libor for the notes) > > Josh > > On Thu, May 10, 2018 at 9:28 AM, Gould, Josh <[email protected] > <mailto:[email protected]>> wrote: > Same problem with IDRAC6, 7, and 8 with latest Java. Upgrade to IDRAC 7&8 > fixes it for them, but IDRAC 6 still doesnt' work. > > Work around is to disable some of the security settings for JAVA in your > java.security file: > > I commented out the following lines: > #jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \ > # RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224 > > #jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024 > > #jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ > # EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC > > #jdk.tls.legacyAlgorithms= \ > # K_NULL, C_NULL, M_NULL, \ > # DH_anon, ECDH_anon, \ > # RC4_128, RC4_40, DES_CBC, DES40_CBC, \ > # 3DES_EDE_CBC > > Everything worked perfectly after words. Keep in mind though, this does > lower your security of JRE, use at your own risk. > > > -Josh > > On Thu, May 10, 2018 at 8:30 AM, <[email protected] > <mailto:[email protected]>> wrote: > > > On 09/05/18 17:54, R S wrote: > > I'm having problems Lauching Console in an iDRAC6 on a > > R710 with BIOS 6.5.0 and iDRC 2.90 > > It errors out: > > > > > > Tried with 3 different browser on 3 different OS and they > > all fail.? > > > > I'm going to downgrade to 2.85 first and see if it > > connects. If not I'm going to downgrade BIOS to 6.4.0 > > > > Is DELL planning to update the cert that will expire in > > about 7 month. Just a heads up as thing take time.... > > > > > > On Wed, May 9, 2018 at 6:04 AM, lejeczek > > <[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>> wrote: > > > > guys, can you get to "virtual console" in your > > iDrac(2.90 (Build 04))? > > It seems to me 3.4.0 BIOS has broken something. > > > > many thanks, L. > > > > _______________________________________________ > > Linux-PowerEdge mailing list > > [email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > https://lists.us.dell.com/mailman/listinfo/linux-poweredge > > <https://lists.us.dell.com/mailman/listinfo/linux-poweredge> > > <https://lists.us.dell.com/mailman/listinfo/linux-poweredge > > <https://lists.us.dell.com/mailman/listinfo/linux-poweredge>> > > > > > > > > > > -- > > Tech III * AppControl * Endpoint Protection * Server > > Maintenance > > Buncombe County Schools Technology Department Network Group > > ComicSans Awareness Campaign <http://comicsanscriminal.com > > <http://comicsanscriminal.com/>> > > > > Message: 3 > Date: Thu, 10 May 2018 14:30:29 +0200 > From: Peter Holl <[email protected] <mailto:[email protected]>> > To: [email protected] <mailto:[email protected]> > Subject: [Linux-PowerEdge] iDRAC 6 enterprise console not working with > newest java > Message-ID: <[email protected] > <mailto:[email protected]>> > Content-Type: text/plain; charset="utf-8"; Format="flowed" > > Hello, > > after updating from Java 8/162 to 8/171 I can't connect to the console > using the Virutual Console Client (i.e, by opening the downloaded > viewer.jnlp). > > The screenshot shows the "Connection failed." message I got. > > I this on tested this in various combinations, with two R610 as iDRAC > "server", and connecting to the them from windows and macos systems. > Finally I found a macbook with an older Java and there it still works. > > > Any known cure? Otherwise it would be a service call since my machines > are in ProSupport. > > > Thanks in advance, > Peter > > Peter Holl > PNSensor GmbH > Otto-Hahn-Ring 6 > 80798 M?nchen > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: Screen Shot 2018-05-10 at 1.26.25 PM.png > Type: image/png > Size: 16382 bytes > Desc: not available > URL: > <http://lists.us.dell.com/pipermail/linux-poweredge/attachments/20180510/5c526396/attachment.png > > <http://lists.us.dell.com/pipermail/linux-poweredge/attachments/20180510/5c526396/attachment.png>> > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: peter_holl.vcf > Type: text/x-vcard > Size: 361 bytes > Desc: not available > URL: > <http://lists.us.dell.com/pipermail/linux-poweredge/attachments/20180510/5c526396/attachment.vcf > > <http://lists.us.dell.com/pipermail/linux-poweredge/attachments/20180510/5c526396/attachment.vcf>> > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > Linux-PowerEdge mailing list > [email protected] <mailto:[email protected]> > https://lists.us.dell.com/mailman/listinfo/linux-poweredge > <https://lists.us.dell.com/mailman/listinfo/linux-poweredge> > > ------------------------------ > > End of Linux-PowerEdge Digest, Vol 168, Issue 7 > *********************************************** > > > _______________________________________________ > Linux-PowerEdge mailing list > [email protected] > https://lists.us.dell.com/mailman/listinfo/linux-poweredge
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Linux-PowerEdge mailing list [email protected] https://lists.us.dell.com/mailman/listinfo/linux-poweredge
