That doesn't work for me. We all have different configurations which might play into this. 3DES_EDE_CBC is not even used if I read the the output of TestSSL correctly.
I took a different approach and started with disabling MD5 as this is what the default iDRAC6 cert uses. I also upgraded OpenJDK8 to version 171 which might have changed invalidated my earlier testing as Java might have tightened security again. After testing around different combinations found on the list I found only MD5 need to be removed from two settings in the java.security file. a) jdk.certpath.disabledAlgorithms b) jdk.jar.disabledAlgorithms On Tue, May 15, 2018 at 7:17 AM, Libor Klepáč <[email protected]> wrote: > Hi, > > that explains why suddenly I cannot connect to remote console from my > linux box. > > I was also thinking it has something to do with BIOS upgrade. > > > > For the record, I can connect to console again without commenting out > > jdk.jar.disabledAlgorithms > > > > but with removing > > 3DES_EDE_CBC > > from > > jdk.tls.disabledAlgorithms > > > > few lines lower in config file (leaving rest of jdk.tls.disabledAlgorithms > with no change) > > > > My java is 8u171-b11-1 from Debian > > > > Libor > > > > > > > > On čtvrtek 10. května 2018 17:37:56 CEST Stephen John Smoogen wrote: > > > On 10 May 2018 at 09:57, Patrick Boutilier <[email protected]> wrote: > > > > On 05/10/2018 10:34 AM, lejeczek wrote: > > > >> On 09/05/18 22:34, R S wrote: > > > >>> Is there a mechanism that prevents me to downgrade from v6.5.0 back > to > > > >>> v6.4.0 on a R710/T710? I downgraded the iDRAC from 2.90 to v2.80 and > the > > > >>> 'Connection Failed' issue is still there, so I'm trying to downgrade > the > > > >>> BIOS. > > > >> > > > >> I've just downgraded back to 3.2.2 on one r815 and it seems that it > > > >> actually might be iDrac6 =! new Java. > > > >> > > > >> I wonder if users of newer iDracs also experience this problem? > > > > > > > > Newer iDRACs can use html5 instead of java plugin for the console. Not > > > > sure > > > > if it is the default but it is possible to change from Java to html5. > > > > > > I think that is only on the iDrac8 and some? iDrac7 so on an iDrac6 > > > probably will not have it. We found that the newest java puts in a > > > security fix to remove accepting weak encryption. > > > > > > the 'fix' was to edit > > > /usr/lib/jvm/java-openjdk/jre/lib/security/java.security and comment > > > out the "jdk.jar.disabledAlgorithms=" line. Not great.. but it got the > > > newer javas to talk to the old consoles. > > > > > > I would also uncomment the line afterwords. > > > > _______________________________________________ > Linux-PowerEdge mailing list > [email protected] > https://lists.us.dell.com/mailman/listinfo/linux-poweredge > > -- Tech III * AppControl * Endpoint Protection * Server Maintenance Buncombe County Schools Technology Department Network Group ComicSans Awareness Campaign <http://comicsanscriminal.com>
_______________________________________________ Linux-PowerEdge mailing list [email protected] https://lists.us.dell.com/mailman/listinfo/linux-poweredge
