iLO 4 disable TLS v1.1 and 1.0

 
SOLVED
Rick_Meyer
Occasional Contributor

iLO 4 disable TLS v1.1 and 1.0

Hello,

I am new to administering iLO platforms. Our client has iLO 4 installed running the latest firmware (2.78). Their security team has several requirements for changes we need to make; among them is disabling any older versions of TLS. So we should only allow TLSv1.2.

Is it possible to make this setting in the iLO Web interface? I can't find it anywhere. I did see some mention that I might need to do this from the Java Web Start app. However, when I try to access that in their test environment it says that I can't access it w/o a valid license. 

I have tried to enter the Trial license but when I enter it I get a message that it has already been used.

If I can only make this change in the Java Web Start Remote Console, is it possible to reset the trial license so that I can make the change that they need?

Thanks,

Rick Meyer - Bottomline Technologies.

 

3 REPLIES
StorageMike
HPE Pro
Solution

Re: iLO 4 disable TLS v1.1 and 1.0

Hi

iLO is restricted to TLS v1.2 when FIPS Mode or Enforce AES/3DES Encryption is enabled (https://support.hpe.com/hpesc/public/docDisplay?docId=c03334051 page 82).

Check page 86 of https://www.ni.com/pdf/manuals/377263a.pdf for more info.

Take a look at https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c05237563 before you enable it, however.

I work for HPE

Rick_Meyer
Occasional Contributor

Re: iLO 4 disable TLS v1.1 and 1.0

Hi Mike,

Thanks for the reply. One follow-up question: the documentation at the first link you provided says:

iLO supports the following ciphers when FIPS Mode or Enforce AES/3DES Encryption is enabled and iLO is restricted to TLS version 1.2.

That makes it sound like restricting to TLS version 1.2 is a separate setting from enabling FIPS Mode or Enforcing AES/3DES Encryption. Is that true? Or does setting those automatically restrict the TLS version to 1.2?

Rick

StorageMike
HPE Pro

Re: iLO 4 disable TLS v1.1 and 1.0

Hi

Agreed, it's not the best wording. TLS 1.2 is enabled when you turn on FIPS Mode or Enforce AES/3DES Encryption.

 

I work for HPE

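An added example, not part of the thread or of HPE's documentation: a Python check that attempts one handshake per TLS version against an iLO's HTTPS port, to confirm after turning on FIPS Mode or Enforce AES/3DES Encryption that only TLS 1.2 is accepted. The target host given on the command line and port 443 are assumptions; `probe`, `audit` and `findings` are names chosen for this example.

```python
import socket
import ssl
import sys

# Version name -> (ssl constant, whether the local OpenSSL build can offer it at all)
VERSIONS = {
    "TLSv1.0": (ssl.TLSVersion.TLSv1, ssl.HAS_TLSv1),
    "TLSv1.1": (ssl.TLSVersion.TLSv1_1, ssl.HAS_TLSv1_1),
    "TLSv1.2": (ssl.TLSVersion.TLSv1_2, ssl.HAS_TLSv1_2),
}
ALLOWED = {"TLSv1.2"}  # policy from the thread: TLS 1.2 only


def probe(host, port, name, timeout=5.0):
    """One handshake pinned to a single version: accepted / rejected / untestable."""
    version, available = VERSIONS[name]
    if not available:
        return "untestable"  # a local limitation must not be read as a server refusal
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # only the protocol version is measured here;
    ctx.verify_mode = ssl.CERT_NONE  # certificate validity is a separate check
    ctx.set_ciphers("ALL:@SECLEVEL=0")  # OpenSSL 3 blocks TLS 1.0/1.1 at its default level
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "accepted"
    except (ssl.SSLError, ConnectionResetError):
        return "rejected"  # timeouts and refused connections propagate instead


def audit(host, port=443, probe_fn=probe):
    """Probe every version; probe_fn is injectable so the logic can be tested offline."""
    return {name: probe_fn(host, port, name) for name in VERSIONS}


def findings(results):
    """Return a list of problems; an empty list means only TLS 1.2 is accepted."""
    problems = []
    for name, outcome in results.items():
        expected = "accepted" if name in ALLOWED else "rejected"
        if outcome != expected:
            problems.append(f"{name}: {outcome}, expected {expected}")
    return problems


if __name__ == "__main__":
    for line in findings(audit(sys.argv[1])) or ["only TLSv1.2 accepted"]:
        print(line)
```

An "untestable" result means the client's OpenSSL build cannot offer that version, so repeat the check from a host whose build can before recording the version as disabled.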