March 5th, 2018 15:00
racadm lowerencryptionbitlength
We have some R720 servers with iDRAC7 Monolithic.
They are running firmware 2.50.50.50 (build 33)
We are looking to tighten up security on these servers' iDRAC controllers.
We have set the TLS protocol for the webserver to TLS 1.2 or higher, and set the SSL Encryption Bit Length to 256-Bit or higher.
We cannot figure out what the below (highlighted) setting does though. Any help is appreciated.
Enabled 80 443 1800 Enabled
Enabled 256-Bit or higher TLS 1.2 Only


DELL-Shine K
March 16th, 2018 02:00
SSLEncryptionLength and lowerencryptionlength attributes are similar.
SSL Encryption is the latest attribute, having more options to select between: Auto Negotiate, 128 Bit or Higher, 168 Bit or Higher and 256 Bit or Higher.
lowerencryptionlength is an older attribute which can only select between Auto Negotiate and 128 Bit or Higher. This is a Boolean setting. If enabled, it will be 128 Bit or Higher. If disabled, it will be Auto Negotiate. By default this setting will be enabled.
Speeddymon
March 6th, 2018 07:00
Chris,
Unfortunately that doesn't answer the question. That document is something I already read. What is meant by that wording? It's not very clear.
To be clear on what I am asking: there are 3 settings for Encryption that are specific to the web server.
2 of these have similar names... "LowerEncryptionBitLength" and "SSLEncryptionBitLength"
Clearly, SSLEncryptionBitLength is for SSL connections (really for TLS since SSL is obsoleted by TLS), and basically defines which ciphers the web server is allowed to use.
Moreover, TLSProtocol is also obviously for defining what protocol the web server is allowed to use for TLS connections.
What I am trying to figure out is: What is meant by Lower Encryption?
Speeddymon
March 7th, 2018 08:00
Chris,
Updated my last comment to be more verbose. Please advise.
Speeddymon
March 12th, 2018 23:00
Hi Chris,
Thanks for the update. That definitely answers part of the question.
The next part of the question is:
Given that we have settings for both TLS protocol, and SSL encryption bit length, what exactly is meant by "lower" encryption bit length? What I mean is, what is "lower" encryption?
Keep in mind that this is a setting specific to the web server, just like TLS protocol and SSL bit length.
I did try to discover this on my own by running an nmap against port 443 on the iDRAC, but I can only see a difference when changing the TLS Protocol to a lower value, or changing the SSL Encryption Bit Length to a lower value. Doing that makes TLS 1.0 available along with several ciphers which are known to be weak, while changing the "lower" setting seems to have no effect on the protocol and ciphers available.
So, with all of that in mind, what is "lower" encryption? What encryption is this setting affecting? How can I test a difference between the values?
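One way to test for a difference between two values of a setting, as an added example that is not part of the original posts: save the output of nmap's `ssl-enum-ciphers` script against port 443 before and after the change, then diff the accepted protocol/cipher pairs. The two scan outputs below are constructed samples, and `parse_offers` and `diff_scans` are hypothetical helper names.

```python
import re

# Constructed `nmap --script ssl-enum-ciphers -p 443` output, not from a real iDRAC.
SCAN_BEFORE = """\
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|_  least strength: C
"""
SCAN_AFTER = """\
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|     compressors:
|       NULL
|_  least strength: A
"""

PROTO_RE = re.compile(r"^\|[_ ]\s+((?:SSLv|TLSv)[\d.]+):")    # e.g. "|   TLSv1.2:"
CIPHER_RE = re.compile(r"^\|[_ ]\s+((?:TLS|SSL)_[A-Z0-9_]+)\b")  # cipher suite lines

def parse_offers(scan_text):
    """Return the set of (protocol, cipher) pairs listed in one scan."""
    offers, proto = set(), None
    for line in scan_text.splitlines():
        m = PROTO_RE.match(line)
        if m:
            proto = m.group(1)  # following cipher lines belong to this protocol
            continue
        m = CIPHER_RE.match(line)
        if m and proto:
            offers.add((proto, m.group(1)))
    return offers

def diff_scans(before_text, after_text):
    """Return (removed, added) pairs between two scans, each sorted."""
    before, after = parse_offers(before_text), parse_offers(after_text)
    return sorted(before - after), sorted(after - before)

if __name__ == "__main__":
    removed, added = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    print("\n".join([f"- {p} {c}" for p, c in removed] + [f"+ {p} {c}" for p, c in added]) or "no change")
```

Two empty lists mean the toggled setting did not change what the web server negotiates as seen by that scan.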