Thanks for this information.

I'd like to point out that 3DES is considered weak, so enabling it should be a 
last resort.
I sincerely hope Dell will keep their SSL/TLS stuff up to date: it changes all 
the time.

Cheers,
Onno

> On 15 May 2018, at 20:17, Gould, Josh <jago...@cswas.com> wrote:
> 
> All,
> To follow up on this, I've had a couple messages sent to me and I've 
> confirmed this my self that there is only a single item to remove from your 
> java.security file to retain the IDRAC6 functionality.
> 
> jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
>     EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
> 
> need to be changed to
> 
> jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
>     EC keySize < 224, DES40_CBC, RC4_40
> 
> Effectively it's only `3DES_EDE_CBC` instance should be removed from this 
> directive and nothing more.
> 
> 
> Additionally i would reccommend you make the following change in the IDRAC 
> webpage:
> iDRAC Settings --> Network/Security --> Services:  Change the SSL Encryption 
> to 256-bit or higher.  
> This doesn't negate the above change thats needed in your java.security file 
> until Dell makes a Fix.
> 
> (Thanks to Ivan & Libor for the notes)
> 
> Josh
> 
> On Thu, May 10, 2018 at 9:28 AM, Gould, Josh <jago...@cswas.com 
> <mailto:jago...@cswas.com>> wrote:
> Same problem with IDRAC6, 7, and 8 with latest Java.  Upgrade to IDRAC 7&8 
> fixes it for them, but IDRAC 6 still doesnt' work.
> 
> Work around is to disable some of the security settings for JAVA in your 
> java.security file:
> 
> I commented out the following lines:
> #jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
> #    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
> 
> #jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
> 
> #jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
> #    EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
> 
> #jdk.tls.legacyAlgorithms= \
> #        K_NULL, C_NULL, M_NULL, \
> #        DH_anon, ECDH_anon, \
> #        RC4_128, RC4_40, DES_CBC, DES40_CBC, \
> #        3DES_EDE_CBC
> 
> Everything worked perfectly after words.  Keep in mind though, this does 
> lower your security of JRE, use at your own risk.
> 
> 
> -Josh
> 
> On Thu, May 10, 2018 at 8:30 AM, <linux-poweredge-requ...@dell.com 
> <mailto:linux-poweredge-requ...@dell.com>> wrote:
> 
> 
> On 09/05/18 17:54, R S wrote:
> > I'm having problems Lauching Console in an iDRAC6 on a 
> > R710 with BIOS 6.5.0 and iDRC 2.90
> > It errors out:
> >
> >
> > Tried with 3 different browser on 3 different OS and they 
> > all fail.?
> >
> > I'm going to downgrade to 2.85 first and see if it 
> > connects. If not I'm going to downgrade BIOS to 6.4.0
> >
> > Is DELL planning to update the cert that will expire in 
> > about 7 month. Just a heads up as thing take time....
> >
> >
> > On Wed, May 9, 2018 at 6:04 AM, lejeczek 
> > <pelj...@yahoo.co.uk <mailto:pelj...@yahoo.co.uk> 
> > <mailto:pelj...@yahoo.co.uk <mailto:pelj...@yahoo.co.uk>>> wrote:
> >
> >     guys, can you get to "virtual console" in your
> >     iDrac(2.90 (Build 04))?
> >     It seems to me 3.4.0 BIOS has broken something.
> >
> >     many thanks, L.
> >
> >     _______________________________________________
> >     Linux-PowerEdge mailing list
> >     Linux-PowerEdge@dell.com <mailto:Linux-PowerEdge@dell.com> 
> > <mailto:Linux-PowerEdge@dell.com <mailto:Linux-PowerEdge@dell.com>>
> >     https://lists.us.dell.com/mailman/listinfo/linux-poweredge 
> > <https://lists.us.dell.com/mailman/listinfo/linux-poweredge>
> >     <https://lists.us.dell.com/mailman/listinfo/linux-poweredge 
> > <https://lists.us.dell.com/mailman/listinfo/linux-poweredge>>
> >
> >
> >
> >
> > -- 
> > Tech III * AppControl * Endpoint Protection * Server 
> > Maintenance
> > Buncombe County Schools Technology Department Network Group
> > ComicSans Awareness Campaign <http://comicsanscriminal.com 
> > <http://comicsanscriminal.com/>>
> 
> 
> 
> Message: 3
> Date: Thu, 10 May 2018 14:30:29 +0200
> From: Peter Holl <peter.h...@pnsensor.de <mailto:peter.h...@pnsensor.de>>
> To: linux-poweredge@dell.com <mailto:linux-poweredge@dell.com>
> Subject: [Linux-PowerEdge] iDRAC 6 enterprise console not working with
>         newest java
> Message-ID: <75818d38-2260-4130-c554-f8e094c00...@pnsensor.de 
> <mailto:75818d38-2260-4130-c554-f8e094c00...@pnsensor.de>>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
> 
> Hello,
> 
> after updating from Java 8/162 to 8/171 I can't connect to the console 
> using the Virutual Console Client (i.e, by opening the downloaded 
> viewer.jnlp).
> 
> The screenshot shows the "Connection failed." message I got.
> 
> I this on tested this in various combinations, with two R610 as iDRAC 
> "server", and connecting to the them from windows and macos systems. 
> Finally I found a macbook with an older Java and there it still works.
> 
> 
> Any known cure? Otherwise it would be a service call since my machines 
> are in ProSupport.
> 
> 
> Thanks in advance,
> Peter
> 
> Peter Holl
> PNSensor GmbH
> Otto-Hahn-Ring 6
> 80798 M?nchen
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: Screen Shot 2018-05-10 at 1.26.25 PM.png
> Type: image/png
> Size: 16382 bytes
> Desc: not available
> URL: 
> <http://lists.us.dell.com/pipermail/linux-poweredge/attachments/20180510/5c526396/attachment.png
>  
> <http://lists.us.dell.com/pipermail/linux-poweredge/attachments/20180510/5c526396/attachment.png>>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: peter_holl.vcf
> Type: text/x-vcard
> Size: 361 bytes
> Desc: not available
> URL: 
> <http://lists.us.dell.com/pipermail/linux-poweredge/attachments/20180510/5c526396/attachment.vcf
>  
> <http://lists.us.dell.com/pipermail/linux-poweredge/attachments/20180510/5c526396/attachment.vcf>>
> 
> ------------------------------
> 
> Subject: Digest Footer
> 
> _______________________________________________
> Linux-PowerEdge mailing list
> Linux-PowerEdge@dell.com <mailto:Linux-PowerEdge@dell.com>
> https://lists.us.dell.com/mailman/listinfo/linux-poweredge 
> <https://lists.us.dell.com/mailman/listinfo/linux-poweredge>
> 
> ------------------------------
> 
> End of Linux-PowerEdge Digest, Vol 168, Issue 7
> ***********************************************
> 
> 
> _______________________________________________
> Linux-PowerEdge mailing list
> Linux-PowerEdge@dell.com
> https://lists.us.dell.com/mailman/listinfo/linux-poweredge

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Linux-PowerEdge mailing list
Linux-PowerEdge@dell.com
https://lists.us.dell.com/mailman/listinfo/linux-poweredge

Reply via email to