On Thu, May 10, 2018 at 12:09:22PM -0400, R S wrote:
> Nah, the SSL/TLS backend in the iDRAC6 most likely needs to be updated and
> that will fix it (see other email thread from Mr. S. Smoogen). Instead we
> are insecuring our Java clients to make it work with insecure iDRAC6.
> If it were
That doesn't work for me. We all have different configurations which might
play into this. 3DES_EDE_CBC is not even used if I read the the output of
TestSSL correctly.
I took a different approach and started with disabling MD5 as this is what
the default iDRAC6 cert uses. I also upgraded OpenJDK8
Nice. Thanks for pointing this out. Huge help. Here's the output. Output of
red/warnings that might be related to the issue are bolded.
~/AppImages/testssl.sh-2.9 $ ./testssl.sh $IP of iDRAC6$
###
testssl.sh 3.0beta from
hi Dave
do you have some update(s) on that front?
many thanks, L.
On 03/05/18 15:52, david.waggo...@dell.com wrote:
Thanks for bringing this to our attention. We are investigating the Spectre
mitigations in our R715/815 BIOS. I'll provide further updates once we are
clear on exactly
Thanks for this information.
I'd like to point out that 3DES is considered weak, so enabling it should be a
last resort.
I sincerely hope Dell will keep their SSL/TLS stuff up to date: it changes all
the time.
Cheers,
Onno
> On 15 May 2018, at 20:17, Gould, Josh wrote:
>