Unsolved

March 2nd, 2010 16:00

Enforce 128bit SSL on iDRAC web interface?

We are currently going through a PCI audit and a vulnerability scan of our environment shows that the DRAC interfaces on our Dell equipment support weak encryption.  Although the DRAC interface does support 128 and even 256 bit SSL, it also is capable of 40 and 56 bit which is unacceptable to the auditor.  I've confirmed this using the free SSLDigger utility from Foundstone.  The Dell Server Administrator software has a dropdown box that allows you to require 128 bit encryption but I can't seem to find an equivalent for the DRAC/iDRAC interface.  The one I'm testing is running the latest iDRAC firmware, version 1.5.  Does anyone know if it's possible to restrict the DRAC interface to only allow 128bit (or higher) encryption?

Thanks!

December 1st, 2010 08:00

Was an answer ever found for this?  We're running into the same problem with our iDRACs.  They are showing up as: "SSL Weak Cipher Suites Supported" and "SSL Medium Strength Cipher Suites Supported" in our network security scans.  Thanks.

1 Message

April 23rd, 2012 16:00

We are having the same issues, even after upgrading to the latest DRAC Firmware and BIOS.  Here is the DRAC version:

Integrated Dell Remote Access Controller 6 - Enterprise Version 1.80

© 2008-2011 Dell Inc. All rights reserved.

In case you are not familiar with this problem, more information can be found here:

http://cgi.nessus.org/nessus_id.php3?id=42873

We need to get these violations remediated ASAP.  Someone, please advise.

Raymond.

2 Posts

August 5th, 2013 10:00

Similar problem: SSL Weak Cipher Suites Supported

www.tenable.com/.../index.php

4 Operator

3K Posts

August 5th, 2013 11:00

We have a new feature in iDRAC6 FW 1.95 onwards where the user can disable weaker encryption and force encryption with 128-bit and higher. You can configure this setting from the iDRAC GUI (iDRAC Setting -> Network/Security -> Services page). The "SSL Encryption" attribute under the "Web Server" section is used for configuring this feature. If you configure this attribute to "128 - Bit or Higher", only 128-bit and above encryption will be supported for iDRAC.

You can download iDRAC6 1.95 firmware from here
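One way to re-check a scan result against the 128-bit requirement discussed in this thread, added here as an example and not taken from any poster's reply or from Dell's tooling. It assumes the scanner's list of accepted suites has been saved in the column format printed by `openssl ciphers -v`; the function names and the sample report are constructed, and counting 3DES at its 112-bit effective strength is an assumption about how the threshold is applied.

```python
import re

# Constructed sample: suites a scanner reported as accepted by one management
# interface, in the column format printed by `openssl ciphers -v`.
SAMPLE_ACCEPTED = """\
EXP-RC4-MD5   SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40)   Mac=MD5  export
DES-CBC-SHA   SSLv3 Kx=RSA      Au=RSA Enc=DES(56)   Mac=SHA1
DES-CBC3-SHA  SSLv3 Kx=RSA      Au=RSA Enc=3DES(168) Mac=SHA1
NULL-SHA      SSLv3 Kx=RSA      Au=RSA Enc=None      Mac=SHA1
RC4-SHA       SSLv3 Kx=RSA      Au=RSA Enc=RC4(128)  Mac=SHA1
AES256-SHA    SSLv3 Kx=RSA      Au=RSA Enc=AES(256)  Mac=SHA1
"""

# Matches the bulk-cipher column, e.g. Enc=RC4(40), Enc=AESGCM(256), Enc=None.
ENC_RE = re.compile(r"\bEnc=([A-Za-z0-9/]+)(?:\((\d+)\))?")


def effective_bits(alg, nominal):
    """Return the strength to compare against the policy threshold."""
    if alg.lower() == "none":      # NULL suites provide no encryption at all
        return 0
    if alg.upper() == "3DES":      # 168-bit key, about 112 bits of effective strength
        return min(nominal, 112)   # assumption: the policy counts effective strength
    return nominal


def parse_line(line):
    """Return (suite_name, algorithm, effective_bits), or None for other lines."""
    fields = line.split()
    match = ENC_RE.search(line)
    if not fields or not match:
        return None
    alg = match.group(1)
    nominal = int(match.group(2)) if match.group(2) else 0
    return fields[0], alg, effective_bits(alg, nominal)


def below_threshold(report, min_bits=128):
    """List (suite_name, bits) for every accepted suite weaker than min_bits."""
    failures = []
    for line in report.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[2] < min_bits:
            failures.append((parsed[0], parsed[2]))
    return failures


if __name__ == "__main__":
    for name, bits in below_threshold(SAMPLE_ACCEPTED):
        print(f"FAIL {name}: {bits}-bit effective strength")
```

An empty result from `below_threshold` on a rescan taken after changing the "SSL Encryption" setting means no accepted suite falls under the threshold.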

5 Posts

August 8th, 2013 14:00

Your management systems (iDRACs) should be on a separate network (VLAN) and segmented off through a network firewall that restricts access to CL5 (or defined) users' IPs. I would hope you don't expose these externally; if that is the case, then you should pull them off any external interface.

This removes them from scope of the scan.
