Tested and confirmed. The compromising elements that the iDRAC6 still relies on is either a 1024 certificate key and MD5 or MD2 both of which are deprecated for.... like 10 years[1]?
[1] https://events.ccc.de/congress/2008/Fahrplan/events/3023.en.html On Thu, May 10, 2018 at 12:09 PM, R S <[email protected]> wrote: > Nah, the SSL/TLS backend in the iDRAC6 most likely needs to be updated and > that will fix it (see other email thread from Mr. S. Smoogen). Instead we > are insecuring our Java clients to make it work with insecure iDRAC6. > If it were possible, I'd get a kick out of the results on SSLLabs. It's > seems they are still relying on MD5 and 1024 keys! > > On Thu, May 10, 2018 at 11:30 AM, Chris Adams <[email protected]> wrote: > >> Once upon a time, R S <[email protected]> said: >> > We shouldn't be asked to downgrade our Java version, nor mess with the >> > security setting of JDK/JRE/IcedT. If this really is java-related then >> it's >> > up to Dell to fix this and restore functionality of the iDRAC. >> >> I'm curious; if a Java upgrade broke an application, why do you blame >> the application? Java upgrades have been known to introduce bugs >> before; it is quite possible the problem is on the Java end, not the >> application end. >> >> If Microsoft sends out a Windows update and your Logitech mouse stops >> working, do you blame Logitech? No, it is probably a Microsoft bug. >> >> -- >> Chris Adams <[email protected]> >> >> _______________________________________________ >> Linux-PowerEdge mailing list >> [email protected] >> https://lists.us.dell.com/mailman/listinfo/linux-poweredge >> > > > > -- > Tech III * AppControl * Endpoint Protection * Server Maintenance > Buncombe County Schools Technology Department Network Group > ComicSans Awareness Campaign <http://comicsanscriminal.com> > -- Tech III * AppControl * Endpoint Protection * Server Maintenance Buncombe County Schools Technology Department Network Group ComicSans Awareness Campaign <http://comicsanscriminal.com>
_______________________________________________ Linux-PowerEdge mailing list [email protected] https://lists.us.dell.com/mailman/listinfo/linux-poweredge
