> That doesn't work for me. We all have different configurations which might
> play into this. 3DES_EDE_CBC is not even used if I read the the output of
> TestSSL correctly.
> I took a different approach and started with disabling MD5 as this is what
MD5 was first thing I tried, did not help here
> the default iDRAC6 cert uses. I also upgraded OpenJDK8 to version 171 which
> might have changed invalidated my earlier testing as Java might have
> tightened security again. After testing around different combinations found
> on the list I found only MD5 need to be removed from two settings in the
> java.security file. a) jdk.certpath.disabledAlgorithms
> b) jdk.jar.disabledAlgorithms
I think that only proper solution is new version of iDrac firmware with proper
SSL level of security, instead of users fidling with java settings.
> On Tue, May 15, 2018 at 7:17 AM, Libor Klepáč <libor.kle...@bcom.cz>
> that explains why suddenly I cannot connect to remote console from my linux
> box. I was also thinking it has something to do with BIOS upgrade.
> For the record, I can connect to console again without commenting out
> but with removing
> few lines lower in config file (leaving rest of jdk.tls.disabledAlgorithms
> with no change)
> My java is 8u171-b11-1 from Debian
> On čtvrtek 10. května 2018 17:37:56 CEST Stephen John Smoogen wrote:
> > On 10 May 2018 at 09:57, Patrick Boutilier <bouti...@ednet.ns.ca>
> > > On 05/10/2018 10:34 AM, lejeczek wrote:
> > >> On 09/05/18 22:34, R S wrote:
> > >>> Is there a mechanism that prevents me to downgrade from v6.5.0 back to
> > >>> v6.4.0 on a R710/T710? I downgraded the iDRAC from 2.90 to v2.80 and
> > >>> the
> > >>> 'Connection Failed' issue is still there, so I'm trying to downgrade
> > >>> the
> > >>> BIOS.
> > >>
> > >> I've just downgraded back to 3.2.2 on one r815 and it seems that it
> > >> actually might be iDrac6 =! new Java.
> > >>
> > >> I wonder if users of newer iDracs also experience this problem?
> > >
> > > Newer iDRACs can use html5 instead of java plugin for the console. Not
> > > sure
> > > if it is the default but it is possible to change from Java to html5.
> > I think that is only on the iDrac8 and some? iDrac7 so on an iDrac6
> > probably will not have it. We found that the newest java puts in a
> > security fix to remove accepting weak encryption.
> > the 'fix' was to edit
> > /usr/lib/jvm/java-openjdk/jre/lib/security/java.security and comment
> > out the "jdk.jar.disabledAlgorithms=" line. Not great.. but it got the
> > newer javas to talk to the old consoles.
> > I would also uncomment the line afterwords.
> Tech III * AppControl * Endpoint Protection * Server MaintenanceBuncombe
> County Schools Technology Department Network Group
> ComicSans Awareness Campaign
Linux-PowerEdge mailing list