[Linux-PowerEdge] iDRAC 2.60.60.60 TLSv1.2-only and cipher settings not working

Fri, 28 Sep 2018 11:05:38 -0700 

[EXTERNAL EMAIL] 
Please report any suspicious attachments, links, or requests for sensitive 
information.


 

Has anyone managed to get the TLS cipher suite settings available in DRAC
2.60.60.60 working?  According to the documentation, any OpenSSL cipher
string should work, but none of the ones I have tried have changed offered
ciphers.

 

In addition, setting "TLS 1.2 only" doesn't seem to work; scanners show that
TLS 1.1 is still supported.

 

I tried the following cipher strings:

                DHE-RSA-AES256-GCM-SHA384                 (accepted by Web
I/F, but resulted in no changes to offered ciphers) 

                TLSv1.2
(Web IF won't accept it ) 

 

DRAC settings: 

SSL Encryption:  256-bit of higher

TLS Protocol:     TLS 1.2 Only

Custom Cipher String:  DHE-RSA-AES256-SHA256

 

testssl.sh scan results showing TLS 1.1 and a bunch of ciphers I did not
specify:

 

TLS 1.1

x39     DHE-RSA-AES256-SHA                DH 1024    AES         256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA

x88     DHE-RSA-CAMELLIA256-SHA           DH 1024    Camellia    256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA

x35     AES256-SHA                        RSA        AES         256
TLS_RSA_WITH_AES_256_CBC_SHA

x84     CAMELLIA256-SHA                   RSA        Camellia    256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

TLS 1.2

x9f     DHE-RSA-AES256-GCM-SHA384         DH 1024    AESGCM      256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

x6b     DHE-RSA-AES256-SHA256             DH 1024    AES         256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

x39     DHE-RSA-AES256-SHA                DH 1024    AES         256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA

x88     DHE-RSA-CAMELLIA256-SHA           DH 1024    Camellia    256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA

x9d     AES256-GCM-SHA384                 RSA        AESGCM      256
TLS_RSA_WITH_AES_256_GCM_SHA384

x3d     AES256-SHA256                     RSA        AES         256
TLS_RSA_WITH_AES_256_CBC_SHA256

x35     AES256-SHA                        RSA        AES         256
TLS_RSA_WITH_AES_256_CBC_SHA

x84     CAMELLIA256-SHA                   RSA        Camellia    256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

 

 

Documentation: 

https://www.dell.com/support/manuals/us/en/04/poweredge-r420/idrac_2.60.60.6
0_ug_pub/configuring-cipher-suite-selection-using-idrac-web-interface?guid=g
uid-0329847b-9a9b-462b-b0f8-e38f0889e05c
<https://www.dell.com/support/manuals/us/en/04/poweredge-r420/idrac_2.60.60.
60_ug_pub/configuring-cipher-suite-selection-using-idrac-web-interface?guid=
guid-0329847b-9a9b-462b-b0f8-e38f0889e05c&lang=en-us> &lang=en-us

 


_______________________________________________
Linux-PowerEdge mailing list
[email protected]
https://lists.us.dell.com/mailman/listinfo/linux-poweredge

Reply via email to