BladeSystem Management Software

Re: Disable CBC mode cipher encryption , MD5 and 96-bit MAC algorithms

 
VicSSL
New Member

Re: Disable CBC mode cipher encryption , MD5 and 96-bit MAC algorithms

I need to disable the SSLv3/TLSv1 Supports CBC Mode Ciphers on HP 7000 Enclosure OA. 

1 REPLY 1
Phillip Thayer
Esteemed Contributor

Re: Disable CBC mode cipher encryption , MD5 and 96-bit MAC algorithms

To do this you will have to put your enclosdure into FIPS mode.  This is not an esy thing to do because it will reset your enclosure to Factory Defaults.  Once in FIPS mode there is a command at the OS CLI "SET SSL" that will allow you to turn different cyphers on or off.

 

Research what is reuired for FIPS mode and make 100% sure your enclosure can be put into FIPS mode without having problems.  Download a copy of the configuration script before putting into FIPS mode so you can fall back to a good configuration.  Also, when you turn on FIPS mode you can edit a copy of the config file and set FIPS mode on.  Then use it to set your enclosure back to what you had, but with FIPS mode on.  EXTREME CAUTION SHOULD BE USED.

 

Phil

Once it's in production it's all bugs after that.