I've noticed this last week, but it probably dates back several weeks (or months).
The running OS is RHEL6.8 , OpenSSL 1.0.1e-fips. -- Pablo Ilarragorri | Linux Servers Solutions Level 4 | Cloud Services | Global Delivery Services Pistrelli, Henry Martin y Asociados SRL Office: (+54) 11-4510 | [email protected] -----Original Message----- From: Paul Menzel [mailto:[email protected]] Sent: Tuesday, September 20, 2016 8:24 AM To: Pablo Ilarragorri <[email protected]>; [email protected] Subject: Re: [Linux-PowerEdge] VMCLI - SSLv3 Handshake Dear Pablo, On 09/19/16 20:42, Pablo Ilarragorri wrote: > I've started to encounter the following error while trying to run vmcli > against several iDRACs. > > Error: SSL Connection error > 139702341482120:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 > alert handshake failure:s23_clnt.c:744: > > The iDRAC ssl config seems correct (enforcing tls) > > Server public key is 1024 bit > Secure Renegotiation IS supported > Compression: NONE > Expansion: NONE > SSL-Session: > Protocol : TLSv1.2 > Cipher : DHE-RSA-AES256-GCM-SHA384 > > I've tried with auto-negotiate on the idrac side, no luck so far. > > As far as I understand, it seems that vmcli is not capable of understanding > TLS and fails the connection to the iDRAC. > > My vmcli version > > Name : srvadmin-idrac-vmcli > Arch : x86_64 > Version : 8.3.0 > Release : 1908.9058.el6 > > []# vmcli -v > iDRAC Virtual Media Command Line Interface. Version: 2.00.00.22110 > > Is ther any workaround for this? Am I doing something wrong on my end? Since when does the problem? Do the components for example use your distribution OpenSSL library, and that was updated? Kind regards, Paul ___________________________________ The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system. EY is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt. _______________________________________________ Linux-PowerEdge mailing list [email protected] https://lists.us.dell.com/mailman/listinfo/linux-poweredge
