matt.manganello
1 Message
0
December 1st, 2010 08:00
Was an answer ever found for this? We're running into the same problem with our iDRACs. They are showing up as: "SSL Weak Cipher Suites Supported" and "SSL Medium Strength Cipher Suites Supported" in our network security scans. Thanks.
lleevveell66
1 Message
0
April 23rd, 2012 16:00
We are having the same issues, even after upgrading to the latest DRAC Firmware and BIOS. Here is the DRAC version:
© 2008-2011 Dell Inc. All rights reserved.
In case you are not familiar with this problem, more information can be found here:
We need to get these violations remediated ASAP. Someone, please advise.
Raymond.
hamletmun
2 Posts
0
August 5th, 2013 10:00
Similar problem: SSL Weak Cipher Suites Supported
www.tenable.com/.../index.php
DELL-Shine K
4 Operator
3K Posts
0
August 5th, 2013 11:00
We have a new feature in iDRAC6 FW 1.95 onwards where the user can disable weaker encryption and force encryption with 128-bit and higher. You can configure this setting from the iDRAC GUI (iDRAC Setting -> Network/Security -> Services page). The "SSL Encryption" attribute under the "Web Server" section is used for configuring this feature. If you configure this attribute to "128 - Bit or Higher", only 128-bit and above encryption will be supported for iDRAC.
You can download iDRAC6 1.95 firmware from here
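One way to check a scan result against the "128 - Bit or Higher" setting described in the post above, as an added example that is not part of the original thread and not Dell's code: it parses cipher suite lines in `openssl ciphers -v` column format and buckets them by key length. The sample list is constructed, and the weak/medium thresholds (under 64 bits; 64 to under 112 bits, or 3DES) are an assumption based on common scanner definitions.

```python
import re

# Constructed sample (not real device output): suites a scan reported as
# accepted by a management interface, in `openssl ciphers -v` column format.
SAMPLE = """\
EXP-RC4-MD5   SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40)   Mac=MD5 export
DES-CBC-SHA   SSLv3 Kx=RSA      Au=RSA Enc=DES(56)   Mac=SHA1
DES-CBC3-SHA  SSLv3 Kx=RSA      Au=RSA Enc=3DES(168) Mac=SHA1
AES128-SHA    SSLv3 Kx=RSA      Au=RSA Enc=AES(128)  Mac=SHA1
AES256-SHA    SSLv3 Kx=RSA      Au=RSA Enc=AES(256)  Mac=SHA1
"""

# "Enc=AES(128)" -> ("AES", "128"); "Enc=None" (NULL suites) has no bit count.
ENC_RE = re.compile(r"Enc=([^\s(]+)(?:\((\d+)\))?")

def parse(text):
    """Return [(suite, algorithm, key_bits)] for every line with an Enc= field."""
    rows = []
    for line in text.splitlines():
        m = ENC_RE.search(line)
        if m:
            rows.append((line.split()[0], m.group(1), int(m.group(2) or 0)))
    return rows

def rate(alg, bits):
    """Assumed scanner buckets: weak < 64 bits; medium < 112 bits or 3DES."""
    if bits < 64:
        return "weak"
    if bits < 112 or alg == "3DES":
        return "medium"
    return "high"

def audit(text):
    """Group suite names by bucket, preserving input order."""
    report = {"weak": [], "medium": [], "high": []}
    for suite, alg, bits in parse(text):
        report[rate(alg, bits)].append(suite)
    return report

def below_128(text):
    """Suites a pure key-length filter of 128 bits or higher would reject."""
    return [suite for suite, _, bits in parse(text) if bits < 128]

if __name__ == "__main__":
    print(audit(SAMPLE))
    print("rejected by a 128-bit floor:", below_128(SAMPLE))
```

In the constructed sample, 3DES is listed at a nominal 168 bits, so it clears a key-length floor of 128 bits while still landing in the assumed medium bucket; rescan after changing the setting rather than assuming both findings clear.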
asyntax
5 Posts
0
August 8th, 2013 14:00
Your management systems (iDRACs) should be on a separate network (VLAN) and segmented off through a network firewall that restricts access to CL5 (or defined) users' IPs. I would hope you don't expose these externally; if that is the case, then you should pull them off any external interface.
This removes them from scope of the scan.