I've noticed this last week, but it probably dates back several weeks (or
The running OS is RHEL6.8 , OpenSSL 1.0.1e-fips.
Pablo Ilarragorri | Linux Servers Solutions Level 4 | Cloud Services | Global
Pistrelli, Henry Martin y Asociados SRL
Office: (+54) 11-4510 | pablo.ilarrago...@ar.ey.com
From: Paul Menzel [mailto:pmen...@molgen.mpg.de]
Sent: Tuesday, September 20, 2016 8:24 AM
To: Pablo Ilarragorri <pablo.ilarrago...@ar.ey.com>;
Subject: Re: [Linux-PowerEdge] VMCLI - SSLv3 Handshake
On 09/19/16 20:42, Pablo Ilarragorri wrote:
> I've started to encounter the following error while trying to run vmcli
> against several iDRACs.
> Error: SSL Connection error
> 139702341482120:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3
> alert handshake failure:s23_clnt.c:744:
> The iDRAC ssl config seems correct (enforcing tls)
> Server public key is 1024 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> Protocol : TLSv1.2
> Cipher : DHE-RSA-AES256-GCM-SHA384
> I've tried with auto-negotiate on the idrac side, no luck so far.
> As far as I understand, it seems that vmcli is not capable of understanding
> TLS and fails the connection to the iDRAC.
> My vmcli version
> Name : srvadmin-idrac-vmcli
> Arch : x86_64
> Version : 8.3.0
> Release : 1908.9058.el6
> # vmcli -v
> iDRAC Virtual Media Command Line Interface. Version: 2.00.00.22110
> Is ther any workaround for this? Am I doing something wrong on my end?
Since when does the problem? Do the components for example use your
distribution OpenSSL library, and that was updated?
The information contained in this communication is intended solely for the use
of the individual or entity to whom it is addressed and others authorized to
receive it. It may contain confidential or legally privileged information. If
you are not the intended recipient you are hereby notified that any disclosure,
copying, distribution or taking any action in reliance on the contents of this
information is strictly prohibited and may be unlawful. If you have received
this communication in error, please notify us immediately by responding to this
email and then delete it from your system. EY is neither liable for the proper
and complete transmission of the information contained in this communication
nor for any delay in its receipt.
Linux-PowerEdge mailing list