I've noticed this last week, but it probably dates back several weeks (or 

The running OS is RHEL6.8 , OpenSSL 1.0.1e-fips.

Pablo Ilarragorri | Linux Servers Solutions Level 4 | Cloud Services | Global 
Delivery Services

Pistrelli, Henry Martin y Asociados SRL
Office: (+54) 11-4510 | pablo.ilarrago...@ar.ey.com

-----Original Message-----
From: Paul Menzel [mailto:pmen...@molgen.mpg.de]
Sent: Tuesday, September 20, 2016 8:24 AM
To: Pablo Ilarragorri <pablo.ilarrago...@ar.ey.com>; 
Subject: Re: [Linux-PowerEdge] VMCLI - SSLv3 Handshake

Dear Pablo,

On 09/19/16 20:42, Pablo Ilarragorri wrote:

> I've started to encounter the following error while trying to run vmcli 
> against several iDRACs.
> Error: SSL Connection error
> 139702341482120:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 
> alert handshake failure:s23_clnt.c:744:
> The iDRAC ssl config seems correct (enforcing tls)
> Server public key is 1024 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : DHE-RSA-AES256-GCM-SHA384
> I've tried with auto-negotiate on the idrac side, no luck so far.
> As far as I understand, it seems that vmcli is not capable of understanding 
> TLS and fails the connection to the iDRAC.
> My vmcli version
> Name        : srvadmin-idrac-vmcli
> Arch        : x86_64
> Version     : 8.3.0
> Release     : 1908.9058.el6
> []# vmcli -v
> iDRAC Virtual Media Command Line Interface. Version:
> Is ther any workaround for this? Am I doing something wrong on my end?

Since when does the problem? Do the components for example use your 
distribution OpenSSL library, and that was updated?

Kind regards,


The information contained in this communication is intended solely for the use 
of the individual or entity to whom it is addressed and others authorized to 
receive it. It may contain confidential or legally privileged information. If 
you are not the intended recipient you are hereby notified that any disclosure, 
copying, distribution or taking any action in reliance on the contents of this 
information is strictly prohibited and may be unlawful. If you have received 
this communication in error, please notify us immediately by responding to this 
email and then delete it from your system. EY is neither liable for the proper 
and complete transmission of the information contained in this communication 
nor for any delay in its receipt.

Linux-PowerEdge mailing list

Reply via email to