OpenManage SSL Ciphers
We have OpenManage installed on all our servers, and I am trying to tighten them down to only use strong encryption.
We deal with credit cards, so we are governed by PCI requirements. When I scan my servers they always tell me that Dell OpenManage uses weak encryption and I need to change the ciphers that are allowed. Their solution is this:
SOLUTION: Disable support for LOW encryption ciphers.
Apache
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
For Apache/apache_ssl include the following line in the configuration file (httpsd.conf):
SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
Tomcat
sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
I have tried to find out what web server OpenManage runs, without success. However, I have found a file called C:\Program Files\Dell\SysMgt\iws\config\keystore.ini which has the line cipher_suites = in it. I have tried various ways to enter information here without success.
Does anybody know what syntax I should be using for this file, or is there another way to only use strong encryption?
Thanks
Otte
OtteK
3 Posts
0
June 21st, 2007 13:00
Mihai R
1 Message
0
November 6th, 2015 15:00
Does anyone have a solution for the Linux install?
vigster72
1 Message
0
May 25th, 2016 10:00
Did you find out the Linux fix?
Nlinley1
1 Message
0
July 20th, 2016 19:00
This discussion is a bit old, but I ran into this problem recently with versions 7.x of OMSA having RC4 and SSLv3 enabled. Installing 8.x will disable these by default.
mihairosu
1 Message
0
July 21st, 2016 08:00
Actually, at that time, it seems that Chrome may have relaxed its security requirements and the web GUI worked again just fine without any changes.
Cyberdiver
10 Posts
0
November 1st, 2017 16:00
Is there an official cipher statement for strong encryption? I think the cipher strings I see here have both the strong and the weak in them. I thought strengthening involved removing the dhe_rsa options in the past, and I think some of the CBC ones are the current issues with browsers.
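Added example (not from any poster in this thread and not Dell code): a small Python audit that reads the protocol and cipher settings quoted in the first post and reports which ones enable weak components. The weak-component list and the function names are assumptions made for this example; it does not cover the keystore.ini syntax, which the thread leaves unanswered.

```python
import re

# Components treated as weak in this sketch (an assumption reflecting the
# RC4/SSLv3 concerns raised in the thread; adjust to your own policy).
WEAK_PARTS = {
    "RC4": "RC4 stream cipher",
    "3DES": "3DES, 64-bit block cipher",
    "DES": "single DES",
    "MD5": "MD5-based MAC",
    "NULL": "no encryption",
    "EXPORT": "export-grade key size",
    "anon": "unauthenticated key exchange",
}
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}  # add TLSv1/TLSv1.1 if policy requires

# Settings quoted in the first post, with the wrapped cipher line rejoined.
SAMPLE = '''SSLProtocol -ALL +SSLv3 +TLSv1
sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
'''

def audit_suite(name):
    """Reasons a JSSE-style suite name (SSL_RSA_WITH_RC4_128_MD5) is weak."""
    tokens = name.strip().split("_")  # whole tokens, so 3DES is not read as DES
    return [why for part, why in WEAK_PARTS.items() if part in tokens]

def audit_config(text):
    """Return (setting, value, reason) for every weak protocol or suite."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        attr = re.match(r'(\w+)\s*=\s*"([^"]*)"$', line)  # Tomcat attribute
        if attr and attr.group(1) == "ciphers":
            for suite in attr.group(2).split(","):
                findings += [("ciphers", suite.strip(), why)
                             for why in audit_suite(suite)]
        elif attr and attr.group(1) == "sslProtocol":
            if attr.group(2) in WEAK_PROTOCOLS:
                findings.append(("sslProtocol", attr.group(2), "obsolete protocol"))
        elif line.startswith("SSLProtocol "):  # Apache mod_ssl directive
            for tok in line.split()[1:]:
                # "+X" or bare "X" enables a protocol; "-X" disables it
                if not tok.startswith("-") and tok.lstrip("+") in WEAK_PROTOCOLS:
                    findings.append(("SSLProtocol", tok.lstrip("+"), "obsolete protocol"))
    return findings

if __name__ == "__main__":
    for setting, value, reason in audit_config(SAMPLE):
        print(f"{setting}: {value} -> {reason}")
```

Run against the quoted settings, every suite in the Tomcat list and both SSLv3 entries are flagged, which matches the observation above that the recommended strings still contain weak options.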