Hi,

> That doesn't work for me. We all have different configurations which might
Agreed

> play into this. 3DES_EDE_CBC is not even used if I read the output of
> TestSSL correctly.
> 
> 
> I took a different approach and started with disabling MD5 as this is what

MD5 was the first thing I tried; it did not help here.

> the default iDRAC6 cert uses. I also upgraded OpenJDK8 to version 171 which
> might have invalidated my earlier testing as Java might have
> tightened security again. After testing around different combinations found
> on the list I found only MD5 needs to be removed from two settings in the
> java.security file.
> a) jdk.certpath.disabledAlgorithms
> b) jdk.jar.disabledAlgorithms
> 

I think that the only proper solution is a new version of iDRAC firmware with a
proper SSL level of security, instead of users fiddling with Java settings.


Libor

>
> On Tue, May 15, 2018 at 7:17 AM, Libor Klepáč <libor.kle...@bcom.cz>
> wrote:
>
> Hi,
> that explains why suddenly I cannot connect to remote console from my linux
> box. I was also thinking it has something to do with BIOS upgrade.
> 
> For the record, I can connect to console again without commenting out
> jdk.jar.disabledAlgorithms
> 
> but with removing
> 3DES_EDE_CBC
> from
> jdk.tls.disabledAlgorithms
> 
> few lines lower in config file (leaving rest of jdk.tls.disabledAlgorithms
> with no change)
> 
> My java is 8u171-b11-1 from Debian
> 
> Libor
> 
> On Thursday, 10 May 2018 17:37:56 CEST Stephen John Smoogen wrote:
> > On 10 May 2018 at 09:57, Patrick Boutilier <bouti...@ednet.ns.ca> wrote:
> > > On 05/10/2018 10:34 AM, lejeczek wrote:
> > >> On 09/05/18 22:34, R S wrote:
> > >>> Is there a mechanism that prevents me from downgrading from v6.5.0 back
> > >>> to v6.4.0 on a R710/T710? I downgraded the iDRAC from 2.90 to v2.80 and
> > >>> the 'Connection Failed' issue is still there, so I'm trying to downgrade
> > >>> the BIOS.
> > >> 
> > >> I've just downgraded back to 3.2.2 on one r815 and it seems that it
> > >> actually might be iDrac6 =! new Java.
> > >> 
> > >> I wonder if users of newer iDracs also experience this problem?
> > > 
> > > > Newer iDRACs can use html5 instead of java plugin for the console. Not
> > > > sure if it is the default but it is possible to change from Java to
> > > > html5.
> > 
> > I think that is only on the iDrac8 and some? iDrac7 so on an iDrac6
> > probably will not have it. We found that the newest java puts in a
> > security fix to remove accepting weak encryption.
> > 
> > the 'fix' was to edit
> > /usr/lib/jvm/java-openjdk/jre/lib/security/java.security and comment
> > out the "jdk.jar.disabledAlgorithms=" line. Not great.. but it got the
> > newer javas to talk to the old consoles.
> > 
> > I would also uncomment the line afterwards.
> 
> Linux-PowerEdge@dell.com
> https://lists.us.dell.com/mailman/listinfo/linux-poweredge
>
> Tech III * AppControl * Endpoint Protection * Server Maintenance
> Buncombe County Schools Technology Department Network Group
>
> ComicSans Awareness Campaign


_______________________________________________
Linux-PowerEdge mailing list
Linux-PowerEdge@dell.com
https://lists.us.dell.com/mailman/listinfo/linux-poweredge
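
Added example, not part of the original thread and not Dell or OpenJDK tooling: a small Python audit that reports whether a java.security file still disables the entries discussed above (MD5 in jdk.certpath.disabledAlgorithms and jdk.jar.disabledAlgorithms, 3DES_EDE_CBC in jdk.tls.disabledAlgorithms), so a temporary workaround can be confirmed as reverted. The EXPECTED table, the function names and the sample file contents are assumptions constructed for illustration.

```python
import sys

# Entries the thread mentions removing; an unmodified policy should still list them.
EXPECTED = {
    "jdk.certpath.disabledAlgorithms": {"MD5"},
    "jdk.jar.disabledAlgorithms": {"MD5"},
    "jdk.tls.disabledAlgorithms": {"3DES_EDE_CBC"},
}

# Constructed sample: jar property commented out, 3DES_EDE_CBC dropped from TLS.
SAMPLE = r"""
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
    RSA keySize < 1024
#jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024
"""

def parse_properties(text):
    """Parse key=value lines, honouring '#' comments and backslash continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def disabled_names(value):
    """Algorithm names only: 'RSA keySize < 1024' counts as 'RSA'."""
    return {item.split()[0].upper() for item in value.split(",") if item.strip()}

def audit(text):
    """Map each weakened property to the entries it no longer disables."""
    props, findings = parse_properties(text), {}
    for prop, required in EXPECTED.items():
        if prop not in props:
            findings[prop] = ["<property not set>"]
        elif required - disabled_names(props[prop]):
            findings[prop] = sorted(required - disabled_names(props[prop]))
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for prop, missing in audit(text).items():
        print(f"{prop}: missing {', '.join(missing)}")
```

Run with the path to the java.security file as the only argument; no output means all three properties still list the entries named in the thread.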
