https://community.hpe.com/t5/proliant-servers-ml-dl-sl/ilo-encryption/m-p/5698701#M130956 <P>They are ILO 2 and 3.</P><P>&nbsp;</P><P>So the clients connecting need registry tweaks to force the rule?&nbsp; The ILO won't just simply disable the cipher as an option?</P><P>&nbsp;</P><P>Where do I need to go to Enforce it?&nbsp; I have not been able to find anything in GUI or in the CLI guide.</P><P>&nbsp;</P><P>Please let me know.&nbsp; Thanks so much for your help!</P> Fri, 22 Jun 2012 18:21:41 GMT DrNick 2012-06-22T18:21:41Z https://community.hpe.com/t5/proliant-servers-ml-dl-sl/ilo-encryption/m-p/5698655#M130953 <P>During a security assessment, it was determined some of our ILO modules were allowing connections with Export level ciphers.&nbsp; Due to some risks with those types of ciphers, we'd like to turn off the ability of the ILOs to connect using them.</P><P>&nbsp;</P><P>&nbsp;</P><P>I cannot seem to find a way to disable those ciphers either in the GUI or CLI.&nbsp; Is it possible to do so?&nbsp; If it is, how do I do it?</P><P>&nbsp;</P><P>Thanks!</P> Fri, 22 Jun 2012 16:51:00 GMT https://community.hpe.com/t5/proliant-servers-ml-dl-sl/ilo-encryption/m-p/5698655#M130953 DrNick 2012-06-22T16:51:00Z https://community.hpe.com/t5/proliant-servers-ml-dl-sl/ilo-encryption/m-p/5698675#M130954 <P>What iLO is this? iLO2, iLO3, iLO4?</P><P>&nbsp;</P><P>You can&nbsp;set all these iLOs to "Enforce AES/3DES Encryption" but, the Internet Explorer&nbsp;browser will need the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy registry setting enabled before using this feature.</P> Fri, 22 Jun 2012 17:40:59 GMT https://community.hpe.com/t5/proliant-servers-ml-dl-sl/ilo-encryption/m-p/5698675#M130954 Oscar A. Perez 2012-06-22T17:40:59Z https://community.hpe.com/t5/proliant-servers-ml-dl-sl/ilo-encryption/m-p/5698701#M130956 <P>They are ILO 2 and 3.</P><P>&nbsp;</P><P>So the clients connecting need registry tweaks to force the rule?&nbsp; The ILO won't just simply disable the cipher as an option?</P><P>&nbsp;</P><P>Where do I need to go to Enforce it?&nbsp; I have not been able to find anything in GUI or in the CLI guide.</P><P>&nbsp;</P><P>Please let me know.&nbsp; Thanks so much for your help!</P> Fri, 22 Jun 2012 18:21:41 GMT https://community.hpe.com/t5/proliant-servers-ml-dl-sl/ilo-encryption/m-p/5698701#M130956 DrNick 2012-06-22T18:21:41Z https://community.hpe.com/t5/proliant-servers-ml-dl-sl/ilo-encryption/m-p/5698719#M130957 <P>Log into iLO2/iLO3,&nbsp;click on Administrator tab -&gt; Security -&gt; Encryption then, enable Enforce AES/3DES Encryption.&nbsp; iLO will reboot after applying this setting.</P><P>&nbsp;</P><P>Clients&nbsp;require the registry change or they&nbsp;would get&nbsp;an error message&nbsp;when&nbsp;attempting to connect to&nbsp;iLO with a cipher that is not AES/3DES.</P> Fri, 22 Jun 2012 19:12:31 GMT https://community.hpe.com/t5/proliant-servers-ml-dl-sl/ilo-encryption/m-p/5698719#M130957 Oscar A. Perez 2012-06-22T19:12:31Z