Highlighted
TwilightHan
Bronze

DRAC 5 card erroring out. Error when reading from SSL socket connection

I have a 2900 Rack Mount server.
 
I have a DRAC 5 card inside.
 
I can connect fine to the DRAC card and do everything remotely, but it eventually stops allowing me to connect. If I stay connected in the console, I will get the following session error:
 
"Error when reading from SSL socket connection."
 
This happens after 30-45 minutes.
 
AFter this, I cannot connect to the console and after trying to connect it will error out saying session timed out.
 
I have to manually do a racadm -racreset to reset the drac dell remote access card and then the console starts working again.
 
The web interface always works... it's just the console that errors out.
 
If I reset the drac card and never connect to it, it will eventually not let me connect to the console and will require another racadm racreset.
 
Anyone else have this problem?
 
Thanks
 
Twilighthan
0 Kudos
16 Replies

RE: DRAC 5 card erroring out. Error when reading from SSL socket connection

I have the same problem.  Recently I needed log in and low and behold no deal.  Go figure.

We have two servers a 2950 and a 1950 running the DRAC 1.65 firmware. The Dell 1950’s DRAC is fine but the 2950 which needs help is not.  They were updated to 1.65 a while back and both worked perfectly.

Anyway I have downgraded the 2950 to the 1.60 firmware and still have the “Error when reading from SSL socket Connection” only with the console redirection. The virtual media works fine.  These DRACs always seem to be a problem when you need them.  On the other hand I suppose that’s pretty good security. LOL.

I’ll repost more as soon as I find the issue and the solution.

Tags (2)
bmasuda
Bronze

RE: DRAC 5 card erroring out. Error when reading from SSL socket connection

please post back when and if you figure out the problem. i have a PE2900-II and III that recently would no longer give me virtual consoles with the Java app. It literally worked just a few days ago, but stopped working on all PE2900 systems. I was on an older firmware, so I thought maybe there's a cert that had expired and updated to the 1.65 firmware tonight. Although I no longer get the Java app just exiting (which I think was caused by an expired cert), I now get the "Error when reading from SSL socket connection".


I'm using Firefox 35.0 with Oracle JDK 1.8.0_31 javaws on Linux.

0 Kudos
tauneutrino
Copper

RE: DRAC 5 card erroring out. Error when reading from SSL socket connection

I'm having the same issue on a PE1950. The Java console says the following interesting SSL-related things: 

01/29/2015 02:26:33:355: SSL: context protocol = SSLv3

01/29/2015 02:26:33:717: SSLv2Hello
01/29/2015 02:26:33:718: SSLv3
01/29/2015 02:26:33:718: TLSv1
01/29/2015 02:26:33:718: TLSv1.1
01/29/2015 02:26:33:718: TLSv1.2

javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

Java versions (Windows 7): 

Java Web Start 11.31.2.13
Using JRE version 1.8.0_31-b13 Java HotSpot(TM) Client VM

My guess would be that the later version(s) of Java are trying to prevent connections on lesser protocols and cipher suites. You can see the supported Cipher Suites by analysing your own DRAC at https://www.ssllabs.com/ssltest/

RE: DRAC 5 card erroring out. Error when reading from SSL socket connection

I was having the same problem, and I fixed it by enabling SSLv3 for java 6. I did that by editing

/etc/java-6-openjdk/security/java.security

and commenting out the line

jdk.tls.disabledAlgorithms=SSLv3

by putting a "#" in front of it. After that I could connect to the idrac5 console.

This change does enable the insecure SSLv3 protocol, so the line should probably be returned to default (SSLv3 disabled) after you're done with the idrac5 console.

bmasuda
Bronze

RE: DRAC 5 card erroring out. Error when reading from SSL socket connection

I can confirm, enabling SSLv3 solved the problem. Although I'm glad to have a way to have the DRAC virtual console work again, it's not comforting that SSLv3 has to be re-enabled, especially in a Java application!

Does Dell monitor these discussions? If so, I hope that Dell considers a firmware update to the DRAC that will use TLS and not require SSLv3.

0 Kudos
n17ikh
Copper

RE: DRAC 5 card erroring out. Error when reading from SSL socket connection

The corresponding file (at least on my install) for Windows is at C:\Program Files (x86)\Java\jre1.8.0_31\lib\security\java.security .


The jdk.tls.disabledAlgorithms line that needs to be commented out is at the bottom of the file. I agree that Dell needs to update the DRAC5 to support newer ciphers..

GVRATech
Copper

RE: DRAC 5 card erroring out. Error when reading from SSL socket connection

This worked it for me also, after upgrading to the latest DRAC 5 FW it broke this functionality.

Thanks to those who posted the fix!..

0 Kudos
RandomReado
Bronze

RE: DRAC 5 card erroring out. Error when reading from SSL socket connection

I'm also experiencing the problem, however downgrading to Java 8 U25 resolved the problem. U31 and U40 both don't work.

RE: DRAC 5 card erroring out. Error when reading from SSL socket connection

thanks!!

that worked great.

0 Kudos