
September 23rd, 2017 10:00

Request: DRAC5 firmware update with SSL/TLS update

DRAC5 firmware 1.65 and below are vulnerable to multiple attacks including BEAST and POODLE. Please provide a new firmware version with a web server that:

• disables SSLv3 and TLS 1.0

• enables TLS 1.2

• disables RC4

• no longer uses common DH primes

More details can be seen by putting your hostname into the SSL Labs test tool at https://www.ssllabs.com/ssltest/.

Further, update the remote console so it works with Java 1.8 without the jdk.certpath.disabledAlgorithms and jdk.tls.disabledAlgorithms workarounds.

I understand that this is old hardware. Considering the number and severity of the problems, I ask that you reconsider and ship a new upgrade.
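For hosts that a public scanner cannot reach, the protocol and RC4 items in the list above can be checked from a captured ServerHello record. The following is an added example, not part of the original post or any Dell tool; the function names and the sample records are constructed for illustration, and the common DH primes item is not covered.

```python
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
# RC4 cipher suites, values from the IANA TLS cipher suite registry.
RC4_SUITES = {0x0004: "TLS_RSA_WITH_RC4_128_MD5", 0x0005: "TLS_RSA_WITH_RC4_128_SHA",
              0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA"}


def parse_server_hello(record: bytes):
    """Return (version, cipher_suite) from a raw TLS record holding a ServerHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4 or body[0] != 0x02:
        raise ValueError("not a complete ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(hello[0:2], "big")
    sid_len = hello[34]                      # after 2-byte version + 32-byte random
    off = 35 + sid_len
    if len(hello) < off + 3:                 # cipher suite (2) + compression (1)
        raise ValueError("truncated ServerHello")
    suite = int.from_bytes(hello[off:off + 2], "big")
    return version, suite


def audit(record: bytes):
    """List the items from the post's checklist that this ServerHello triggers."""
    version, suite = parse_server_hello(record)
    findings = []
    if version <= 0x0301:
        findings.append(f"negotiated {VERSIONS.get(version, hex(version))}: disable SSLv3 and TLS 1.0")
    if suite in RC4_SUITES:
        findings.append(f"selected {RC4_SUITES[suite]}: disable RC4")
    return findings


def make_hello(version: int, suite: int) -> bytes:
    """Build a constructed ServerHello record (zeroed random, empty session id)."""
    hello = version.to_bytes(2, "big") + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + b"\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + version.to_bytes(2, "big") + len(hs).to_bytes(2, "big") + hs


if __name__ == "__main__":
    # Constructed samples: SSLv3 + RC4, TLS 1.0 + AES-CBC, TLS 1.2 + AES-GCM.
    for ver, suite in [(0x0300, 0x0005), (0x0301, 0x002F), (0x0303, 0x009C)]:
        print(hex(ver), hex(suite), audit(make_hello(ver, suite)) or "ok")
```

A ServerHello only shows what the server picked for one ClientHello, so each protocol version and cipher has to be offered separately to establish that it is refused.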

September 25th, 2017 10:00

The problem I'm reporting is with the DRAC5 web interface. This problem occurs regardless of what server(s) the card is installed in.

I am using a PowerEdge R300. That has no effect on the behaviour of the card.

Paul

September 25th, 2017 11:00

Please re-read my original message. It begins "DRAC5 firmware 1.65 and below…".

I have the current firmware installed. I'm asking you to release a new version that fixes the problems I mentioned.

I am not asking you what the current version is or how to install it, which is what you appear to be answering.

2 Posts

December 17th, 2018 07:00

Hello!

Sorry for updating an old request, but have you got any decision for that issue? I need the same. Thanks.

1 Message

December 22nd, 2018 22:00

I would second Artemy12. I know quite a few places which are still using Dell 2950 servers, sometimes by the thousands, because they still run great and paying for newer hardware is not an option. Some of these places are universities, non-profits, and similar groups, where such upgrades would involve battling for already scarce funds. And given the "SSL Everywhere" effort being pushed by Google and others, this becomes an even bigger issue.

Failing releasing a generally available firmware update for the DRAC (and no, this has absolutely nothing to do with the server into which the DRAC is installed), perhaps releasing to the community what it would take to produce new firmware with such a fix would be possible. There are those of us out here who actually would have the expertise to build new versions of the firmware were the source available (I myself have had jobs where producing such firmware for equipment ranging from IP network switches to massive phone messaging servers was a part of my assigned duties, and I know there have to be others out there as well with similar expertise.).

2 Posts

December 23rd, 2018 12:00

Looks like that piece of steel is not interesting to Dell any more. Anyway, waiting for reply.

And additionally, I have a problem just like in this topic: https://www.dell.com/community/Systems-Management-General/DRAC-5-Popup-with-No-Signal/td-p/2809446
