Dell iDRAC Service Module Security Configuration Guide

Cryptographic configuration options

There are no interface options in iSM to configure cryptographic algorithms. iSM relies on the native algorithms available for handshake on the operating system. These algorithms are to be selected by the administrator based on security best practices.

Table 1. Default cryptographic configurationThis table describes the default cryptographic configuration.
Attribute	Description
Protocol	TLS 1.2 for iSM 4.1.0.0 which is lesser or equal. TLS 1.2 for operating system that does not support TLS 1.3. TLS 1.3 for iSM 4.2.0.0 or later along with operating system crypto module support for TLS 1.3.
Cipher	Operating system default cipher is used.
Cipher strength	Operating system default cipher strength is used.
Hash	Operating system default cipher hash is used.
Key exchange	Operating system default cipher key exchange is used.

Table 2. TLSv1.3 ciphers supported by iDRAC firmware version 5.10.00.00 and later This table describes the TLSv1.3 ciphers that are supported by iDRAC firmware version 5.10.00.00 and later.
iDRAC firmware version 5.10.00.00 and later
TLSv1.3: ciphers: TLS v1.3 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256

Table 3. TLS ciphers supported by iDRAC firmware older than version 4.40.10This table describes the TLS ciphers that are supported by iDRAC firmware older than version 4.40.10.
iDRAC older than 4.40.10
TLSv1.2: ciphers: TLS_RSA_WITH_3DES_EDE_CBC_SHA(rsa 2048)-C TLS_RSA_WITH_AES_128_CBC_SHA(rsa 2048)-A TLS_RSA_WITH_AES_128_CBC_SHA256(rsa 2048)-A TLS_RSA_WITH_AES_128_GCM_SHA256(rsa 2048)-A TLS_RSA_WITH_AES_256_CBC_SHA(rsa 2048)-A TLS_RSA_WITH_AES_256_CBC_SHA256(rsa 2048)-A TLS_RSA_WITH_AES_256_GCM_SHA384(rsa 2048)-A TLS_RSA_WITH_CAMELLIA_128_CBC_SHA(rsa 2048)-A TLS_RSA_WITH_CAMELLIA_256_CBC_SHA(rsa 2048)-A TLS_RSA_WITH_IDEA_CBC_SHA(rsa 2048)-A TLS_RSA_WITH_RC4_128_MD5(rsa 2048)-C TLS_RSA_WITH_RC4_128_SHA(rsa 2048)-C TLS_RSA_WITH_SEED_CBC_SHA(rsa 2048)-A

Table 3. TLS ciphers supported by iDRAC firmware older than version 4.40.10This table describes the TLS ciphers that are supported by iDRAC firmware older than version 4.40.10.

iDRAC older than 4.40.10

TLSv1.2:

ciphers:

TLS_RSA_WITH_3DES_EDE_CBC_SHA(rsa 2048)-C
TLS_RSA_WITH_AES_128_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_AES_128_CBC_SHA256(rsa 2048)-A
TLS_RSA_WITH_AES_128_GCM_SHA256(rsa 2048)-A
TLS_RSA_WITH_AES_256_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_AES_256_CBC_SHA256(rsa 2048)-A
TLS_RSA_WITH_AES_256_GCM_SHA384(rsa 2048)-A
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_IDEA_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_RC4_128_MD5(rsa 2048)-C
TLS_RSA_WITH_RC4_128_SHA(rsa 2048)-C
TLS_RSA_WITH_SEED_CBC_SHA(rsa 2048)-A

Table 4. TLS ciphers supported by iDRAC firmware version 4.40.10 and later This table describes the TLS ciphers that are supported by iDRAC firmware version 4.40.10 and later.
iDRAC 4.40.10 and later
TLSv1.2: ciphers TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(secp256r1)-C TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(secp256r1)-A TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(secp256r1)-A TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(secp256r1)-A TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(secp256r1)-A TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(secp256r1)-A TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(secp256r1)-A LS_ECDHE_RSA_WITH_RC4_128_SHA(secp256r1)-C TLS_RSA_WITH_3DES_EDE_CBC_SHA(rsa 2048)-C TLS_RSA_WITH_AES_128_CBC_SHA(rsa 2048)-A TLS_RSA_WITH_AES_128_CBC_SHA256(rsa 2048)-A TLS_RSA_WITH_AES_128_GCM_SHA256(rsa 2048)-A TLS_RSA_WITH_AES_256_CBC_SHA(rsa 2048)-A TLS_RSA_WITH_AES_256_CBC_SHA256(rsa 2048)-A TLS_RSA_WITH_AES_256_GCM_SHA384(rsa 2048)-A TLS_RSA_WITH_CAMELLIA_128_CBC_SHA(rsa 2048)-A TLS_RSA_WITH_CAMELLIA_256_CBC_SHA(rsa 2048)-A TLS_RSA_WITH_IDEA_CBC_SHA(rsa 2048)-A TLS_RSA_WITH_RC4_128_MD5(rsa 2048)-C TLS_RSA_WITH_RC4_128_SHA(rsa 2048)-C TLS_RSA_WITH_SEED_CBC_SHA(rsa 2048)-A

Table 4. TLS ciphers supported by iDRAC firmware version 4.40.10 and later This table describes the TLS ciphers that are supported by iDRAC firmware version 4.40.10 and later.

iDRAC 4.40.10 and later

TLSv1.2:

ciphers

TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(secp256r1)-C
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(secp256r1)-A
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(secp256r1)-A
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(secp256r1)-A
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(secp256r1)-A
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(secp256r1)-A
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(secp256r1)-A
LS_ECDHE_RSA_WITH_RC4_128_SHA(secp256r1)-C
TLS_RSA_WITH_3DES_EDE_CBC_SHA(rsa 2048)-C
TLS_RSA_WITH_AES_128_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_AES_128_CBC_SHA256(rsa 2048)-A
TLS_RSA_WITH_AES_128_GCM_SHA256(rsa 2048)-A
TLS_RSA_WITH_AES_256_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_AES_256_CBC_SHA256(rsa 2048)-A
TLS_RSA_WITH_AES_256_GCM_SHA384(rsa 2048)-A
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_IDEA_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_RC4_128_MD5(rsa 2048)-C
TLS_RSA_WITH_RC4_128_SHA(rsa 2048)-C
TLS_RSA_WITH_SEED_CBC_SHA(rsa 2048)-A

Dell iDRAC Service Module Security Configuration Guide

Cryptographic configuration options

Rate this content