[EXTERNAL EMAIL] Please report any suspicious attachments, links, or requests for sensitive information.
Oh wow. Good finding. We are relying on the 'TLS1.2 only' setting ever since it was introduced to the iDRAC as it was supposed to be a good way of getting rid of SSL and TLS1.1 during negotiation. I was even wondering why TLS1.3 is not supported yet. On Fri, Sep 28, 2018 at 2:05 PM Robert Jacobson <[email protected]> wrote: > [EXTERNAL EMAIL] > Please report any suspicious attachments, links, or requests for sensitive > information. > > > > Has anyone managed to get the TLS cipher suite settings available in DRAC > 2.60.60.60 working? According to the documentation, any OpenSSL cipher > string should work, but none of the ones I have tried have changed offered > ciphers. > > > > In addition, setting “TLS 1.2 only” doesn’t seem to work; scanners show > that TLS 1.1 is still supported. > > > > I tried the following cipher strings: > > DHE-RSA-AES256-GCM-SHA384 (accepted by Web > I/F, but resulted in no changes to offered ciphers) > > TLSv1.2 > (Web IF > won’t accept it ) > > > > DRAC settings: > > SSL Encryption: 256-bit of higher > > TLS Protocol: TLS 1.2 Only > > Custom Cipher String: DHE-RSA-AES256-SHA256 > > > > testssl.sh scan results showing TLS 1.1 and a bunch of ciphers I did not > specify: > > > > *TLS 1.1* > > x39 DHE-RSA-AES256-SHA DH 1024 AES 256 > TLS_DHE_RSA_WITH_AES_256_CBC_SHA > > x88 DHE-RSA-CAMELLIA256-SHA DH 1024 Camellia 256 > TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA > > x35 AES256-SHA RSA AES 256 > TLS_RSA_WITH_AES_256_CBC_SHA > > x84 CAMELLIA256-SHA RSA Camellia 256 > TLS_RSA_WITH_CAMELLIA_256_CBC_SHA > > *TLS 1.2* > > x9f DHE-RSA-AES256-GCM-SHA384 DH 1024 AESGCM 256 > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 > > x6b DHE-RSA-AES256-SHA256 DH 1024 AES 256 > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 > > x39 DHE-RSA-AES256-SHA DH 1024 AES 256 > TLS_DHE_RSA_WITH_AES_256_CBC_SHA > > x88 DHE-RSA-CAMELLIA256-SHA DH 1024 Camellia 256 > TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA > > x9d AES256-GCM-SHA384 RSA AESGCM 256 > TLS_RSA_WITH_AES_256_GCM_SHA384 > > x3d AES256-SHA256 RSA AES 256 > TLS_RSA_WITH_AES_256_CBC_SHA256 > > x35 AES256-SHA RSA AES 256 > TLS_RSA_WITH_AES_256_CBC_SHA > > x84 CAMELLIA256-SHA RSA Camellia 256 > TLS_RSA_WITH_CAMELLIA_256_CBC_SHA > > > > > > Documentation: > > > https://www.dell.com/support/manuals/us/en/04/poweredge-r420/idrac_2.60.60.60_ug_pub/configuring-cipher-suite-selection-using-idrac-web-interface?guid=guid-0329847b-9a9b-462b-b0f8-e38f0889e05c&lang=en-us > > > _______________________________________________ > Linux-PowerEdge mailing list > [email protected] > https://lists.us.dell.com/mailman/listinfo/linux-poweredge > -- Tech III * AppControl * Endpoint Protection * Server Maintenance Buncombe County Schools Technology Department Network Group ComicSans Awareness Campaign <http://comicsanscriminal.com>
_______________________________________________ Linux-PowerEdge mailing list [email protected] https://lists.us.dell.com/mailman/listinfo/linux-poweredge
