Unsolved
September 9th, 2019 15:00
Vulnerability (SSH Weak Algorithms Supported) on iDRAC 6 with Firmware Version 2.85 & 2.91
Hello,
I have the following vulnerability detected on iDRAC 6 with Firmware Version 2.85 & 2.91. I wonder if anyone was able to fix this vulnerability?
(SSH Weak Algorithms Supported)
Thank you,
Peter

DELL-Chris H
September 10th, 2019 07:00
Peter Fakory,
I believe the issue you are seeing is due to the iDRAC supporting 64-bit ciphers by default, which has 3DES enabled. Normally on the later firmware versions it should have done this on its own, but could you configure SSL Encryption strength to 256 bit or higher (seen below) in iDRAC Settings->Network->Server->Web Server section. This will disable 3DES along with other weaker ciphers.
Let me know how it goes, and what you see.
Peter Fakory
September 22nd, 2019 16:00
Thank you Chris for getting back to me.
Unfortunately, I see only 'SSL Encryption' option but I don't see the option 'TLS Protocol'. Do you have any idea why I don't see it?
Thank you,
Peter
ScotC61
March 1st, 2023 10:00
That changes the ciphers used by the web server, but not for ssh. The only way I have been able to get our vulnerability scanner to stop complaining about ssh on the iDRACs is to disable ssh. That's not ideal. What can be done to improve the strength of the ssh algorithms?
Also, even when SSL and TLS on the web server are set to their highest security, there are still several weaknesses being reported.
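
Added example (not part of any post in this thread, and not Dell code): as the last post notes, the web server setting does not touch SSH, because an SSH server advertises its algorithms separately in its SSH_MSG_KEXINIT message (RFC 4253, section 7.1). This Python sketch parses that message and lists the offers that match a weak set; the `WEAK` set, the function names and the sample payload are assumptions constructed for illustration, not observed iDRAC output.

```python
import struct

# RFC 4253 section 7.1: the ten name-lists in SSH_MSG_KEXINIT, in wire order.
FIELDS = ("kex_algorithms", "server_host_key_algorithms",
          "encryption_algorithms_client_to_server",
          "encryption_algorithms_server_to_client",
          "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
          "compression_algorithms_client_to_server",
          "compression_algorithms_server_to_client",
          "languages_client_to_server", "languages_server_to_client")

# Assumed policy for illustration only; substitute the list your scanner enforces.
WEAK = {"arcfour", "arcfour128", "arcfour256", "3des-cbc", "hmac-md5", "hmac-md5-96"}

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload into {field: [algorithm names]}."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        (n,) = struct.unpack_from(">I", payload, pos)  # struct.error if truncated
        raw = payload[pos + 4:pos + 4 + n]
        if len(raw) != n:
            raise ValueError("name-list runs past end of payload")
        out[field] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + n
    return out

def weak_offers(lists: dict, weak=WEAK) -> dict:
    """Return {field: [weak names]} for every field offering a weak algorithm."""
    hits = {f: [a for a in names if a in weak] for f, names in lists.items()}
    return {f: names for f, names in hits.items() if names}

def build_kexinit(lists) -> bytes:
    """Build a constructed sample payload (test data, not a capture)."""
    body = b"".join(struct.pack(">I", len(s)) + s
                    for s in (",".join(l).encode("ascii") for l in lists))
    return bytes([20]) + bytes(16) + body + b"\x00" + struct.pack(">I", 0)

# Constructed sample: algorithm names chosen for the demo, not taken from an iDRAC.
SAMPLE = build_kexinit([
    ["diffie-hellman-group14-sha1"], ["ssh-rsa"],
    ["aes128-ctr", "3des-cbc", "arcfour"], ["aes128-ctr", "3des-cbc", "arcfour"],
    ["hmac-sha1", "hmac-md5"], ["hmac-sha1", "hmac-md5"],
    ["none"], ["none"], [], []])

if __name__ == "__main__":
    for field, names in weak_offers(parse_kexinit(SAMPLE)).items():
        print(f"{field}: {', '.join(names)}")
```

Comparing this output before and after a firmware or configuration change shows whether the SSH offer itself changed, independently of the web server's SSL setting.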