Use openssl s_client -host <idrac address> -port 443
in order to find out which cipher your idrac is using. For instance, we have a Fujitsu node that reported it was using 'TLSv1/SSLv3, Cipher is RC4-MD5’. We tried to change the 'jdk.tls.disabledAlgorithms’ property as mentioned below but did not get it work. In this case, we had to use an older java version. Ernst > On 5 apr. 2016, at 10:15, john <[email protected]> wrote: > > On Mon, 4 Apr 2016, Blake Hudson wrote: > >> You don't mention which version of FireFox, OS, or Java you're using. >> Most problems I've ran into are client side, and are usually ruled out >> there. >> >> To rule out a server issue, I would suggest resetting the iDRAC via ssh >> and updating to the latest iDrac firmware (Dell's site shows this as 2.85). >> >> On the client side, some of the older iDRACs don't work with current >> versions of Java. I keep around a WinXP VM with java 1.6 and another VM >> with java 1.7 just to access some of the older dracs. I believe the >> iDrac 6 should work fine with XP + Java 1.7. If it matters, on a Win10 >> VM I have trouble viewing the iDrac 6 web interface in IE 10/Edge and >> the console applet does not work with Java 8 (1.8), so the iDrac 6 is >> basically unsupported on current client platforms. Hopefully Java will >> die soon enough and these remote KVMs will be able to utilize HTML 5 or >> a custom plugin that works with up to date browsers and operating systems. > > iDRAC6 works fine on latest Java (8u77) / Windows 7 here. You need to add > the URL of the DRAC to the Java exception list though in control panel, or > edit this file: > C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites > > DRAC5 Java console also uses SSLv3 which is disabled by default in newer > Java versions. You will also need to re-enable it again by editing the > file: > C:\Program Files\Java\%java_version%\lib\security and commenting out this > line with a # at the start: > > jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 > > Bear in mind this might leave you vulnerable to SSL vulnerabilities if you > access untrusted Java content. You will also need to redo this every time > there is a Java update as it installs new files in a different version > directory. > > john > > _______________________________________________ > Linux-PowerEdge mailing list > [email protected] <mailto:[email protected]> > https://lists.us.dell.com/mailman/listinfo/linux-poweredge > <https://lists.us.dell.com/mailman/listinfo/linux-poweredge>
_______________________________________________ Linux-PowerEdge mailing list [email protected] https://lists.us.dell.com/mailman/listinfo/linux-poweredge
