- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- ProLiant Servers (ML,DL,SL)
- >
- ILO 4 - Disable Weak Ciphers
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-18-2023 10:24 AM - last edited on 08-20-2023 09:02 PM by support_s
08-18-2023 10:24 AM - last edited on 08-20-2023 09:02 PM by support_s
ILO 4 - Disable Weak Ciphers
How do you disable the ciphers listed below on ILO 4 on DL 380 Gen 9?
- DHE-RSA-AES128-GCM-SHA256
- DHE-RSA-AES256-GCM-SHA384
I have upgraded ILO 4 firmware to version Windows 64bit -- 2.82 . I have also enabled AES/3DES enncryption enforement.
Also , how do you enable TLS v1.3.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-18-2023 11:25 AM
08-18-2023 11:25 AM
Query: ILO 4 - Disable Weak Ciphers
System recommended content:
Please click on "Thumbs Up/Kudo" icon to give a "Kudo".
Thank you for being a HPE valuable community member.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-18-2023 12:05 PM
08-18-2023 12:05 PM
Re: Query: ILO 4 - Disable Weak Ciphers
Thank you for responding yet you provided the ILO documentation for version 5. Note, I have a ILO V 4 and have already looked at version 4 documentation yet unable to find solution.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-18-2023 11:45 PM - edited 08-19-2023 12:34 AM
08-18-2023 11:45 PM - edited 08-19-2023 12:34 AM
Re: Query: ILO 4 - Disable Weak Ciphers
Hi gil3,
Please refer the following iLO4 encryption details and refer this for 'Modifying the AES/DES encryption setting'.
Upgrade the Server's iLO 4 version to 2.82.
Regards,
Shiva_JR
Please mark as 'Accepted solution' if my post worked and give me the Kudos.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-23-2023 12:59 PM - last edited on 08-23-2023 09:59 PM by Sunitha_Mod
08-23-2023 12:59 PM - last edited on 08-23-2023 09:59 PM by Sunitha_Mod
Re: Query: ILO 4 - Disable Weak Ciphers
@shiva_jr Re: Query: ILO 4 - Disable Weak Ciphers
Thank you for responding yet you provided the ILO documentation for version 5. Note, I have a ILO V 4 and have already looked at version 4 documentation yet unable to find solution. Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-24-2023 07:01 AM
08-24-2023 07:01 AM
Re: Query: ILO 4 - Disable Weak Ciphers
If you look at the first link Shiva provided, I don't think it is possible with iLO 4 (at least according to that document). Even in FIPs mode those ciphers are used. Maybe that will change with a newer firmware, but I would not count on it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-30-2023 03:25 AM
08-30-2023 03:25 AM
Re: ILO 4 - Disable Weak Ciphers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-08-2023 01:57 AM
09-08-2023 01:57 AM
Re: ILO 4 - Disable Weak Ciphers
Good day!
To disable weak ciphers on an HPE iLO 4 management interface on a DL380 Gen9 server, you'll typically need to access the iLO web interface and make changes in the SSL/TLS settings. Here's a step-by-step guide:
>> Access the iLO Web Interface:
a. Open a web browser on a computer connected to the same network as the server.
b. Enter the IP address or hostname of the iLO interface into the address bar.
c. Log in to the iLO web interface using your administrative credentials.
>> Once logged in, look for the SSL/TLS configuration settings. The exact location of these settings may vary slightly depending on the iLO firmware version and interface layout. Generally, you should find them under the Security or Security Settings section.
>> Disable Weak Ciphers.
a. In the SSL/TLS configuration settings, you should find a list of supported ciphers. Locate the entries for the ciphers you want to disable: DHE-RSA-AES128-GCM-SHA256 and DHE-RSA-AES256-GCM-SHA384.
b. Disable these ciphers by either unchecking their checkboxes or selecting an option that removes them from the list. The specific steps may vary depending on the iLO firmware version, but there should be an option to manage the list of ciphers.Save your changes.
>> TLS 1.3 support depends on both the iLO firmware version and the server's hardware capabilities. To enable TLS 1.3, you need to check if your iLO firmware supports it.
a. In the SSL/TLS configuration settings, look for an option to select the TLS version. If TLS 1.3 is supported and available, you should see it in the list of available versions.
b. If TLS 1.3 is available, select it as the preferred TLS version.Save your changes.
>> Some changes to SSL/TLS settings may require a reboot of the iLO for them to take effect. If prompted, follow the on-screen instructions to reboot the iLO.
>> After making these changes, it's a good practice to test the SSL/TLS configuration to ensure that the weak ciphers are disabled and TLS 1.3 is enabled as desired. You can use SSL/TLS testing tools or utilities like openssl to verify the configuration.
Make sure the exact steps and options may vary depending on your specific iLO firmware version, so refer to the user manual or documentation provided by HPE for your server and iLO version for the most accurate instructions. Additionally, always exercise caution when making changes to security settings on your server's management interface, as incorrect configurations could impact remote management access.
Hope this give some insights!