Start a Conversation

Unsolved

87 Posts

25

January 22nd, 2024 21:24

Weak ciphers in PowerStore BMC TCP ports

Hi - my company's scanning software reports that a weak cipher (TLS_RSA_WITH_3DES_EDE_CBC_SHA) is being used on port 443 of the two IP addresses used for the PowerStore 500T BMC. I can't find any documentation on how to change the BMC port's cipher list and get rid of this weak cipher. Help, please!

Thanks

tl

Moderator

 • 

8.5K Posts

January 23rd, 2024 14:10

Hi,

Thanks for your question.

What OS version are you on? I don’t see any commands to change the ciphers so updating may be the only way.

 

Let us know if you have any additional questions.

87 Posts

January 23rd, 2024 15:45

Hi Josh - thanks for the reply. Looking at the Storage Manager UI, I see the 'SW Version' is 3.6.0.0. Not sure how to see the version with the build number?

87 Posts

January 23rd, 2024 15:48

Found it: 3.6.0.0 (Release, Build 2145637, 2023-09-14 07:28:54, Retail)

Moderator

 • 

8.5K Posts

January 23rd, 2024 16:12

Thanks, that is up to date. Go to https://dell.to/3SdzrHR then go to PowerStore and under Miscellaneous security config guide. Page 88 and make sure TLS 1.1 is disabled.

87 Posts

January 23rd, 2024 16:28

Hi Josh - using Storage Manager, I verified (in https://{hostname}/#/settings/tls) that TLS 1.1 is set to Disabled.

BTW, the vulnerability in trying to address is CVE-2016-2183.

Thanks!

tl

Moderator

 • 

8.5K Posts

January 23rd, 2024 17:05

I don’t see a fix for that CVE for Powerstore. https://dell.to/3SE7M4p this is the most recent update for PowerStore. https://dell.to/4b8UUdr May be worth calling phone support and reporting it.

87 Posts

January 23rd, 2024 17:24

Got it. Thanks very much for the support, Josh!

tl

No Events found!

Top