- Community Home
- >
- Servers and Operating Systems
- >
- HPE BladeSystem
- >
- BladeSystem - General
- >
- Re: ILO 3 1.82
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-01-2015 10:09 PM
тАО06-01-2015 10:09 PM
ILO 3 1.82
It seems that both powershell and rhloe scripting gets broken when you upgrade a ilo3 to 1.82.
I have the option of going back to 1.8 (which restores functionality) or waiting for a newer version to fix this.
Only problem is how can I automate several hundred blade firmware changes when scripting is broken?
Also anyone have any ideas of a workaround or a way to fix the broken functionality>?
- Tags:
- iLO
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-04-2015 07:05 AM - edited тАО06-04-2015 07:07 AM
тАО06-04-2015 07:05 AM - edited тАО06-04-2015 07:07 AM
Re: ILO 3 1.82
What scripting tool are you using?
We were forced to disable SSLv3 in all our iLO because, the lazy port scanners began flagging iLOs as vulnerable to POODLE. (POODLE is a MITM vulnerability that can only be exploited on Web Browsers that support SSLv3, not webservers. And these port scanners cannot test web browsers so they turned their attention to the webservers).
If you are using the hponcfg from the OA CLI, you need to upgrade OA to version 4.30 or later. The hponcfg in older OA versions only used SSLv3 to connect to iLO.
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-05-2015 12:47 PM
тАО06-05-2015 12:47 PM
Re: iLO 3 1.82
>We were forced to disable SSLv3 in all our iLO because, the lazy port scanners began flagging iLOs as vulnerable to POODLE.
That's NOT how the security mindset works. If you provide telnet access to iLO and a customer uses it, who gets dinged as a security flaw?
So if you disallow SSLv3, problem is gone.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2015 01:38 PM - edited тАО06-09-2015 08:01 PM
тАО06-08-2015 01:38 PM - edited тАО06-09-2015 08:01 PM
Re: iLO 3 1.82
@Dennis Handly wrote:>We were forced to disable SSLv3 in all our iLO because, the lazy port scanners began flagging iLOs as vulnerable to POODLE.
That's NOT how the security mindset works. If you provide telnet access to iLO and a customer uses it, who gets dinged as a security flaw?
So if you disallow SSLv3, problem is gone.
Speaking of security mindset, how do you explain that these very same lazy port scanners that are making a big deal about POODLE won't even warn users with Self-Signed SSL Certificates that as long as they have those Certs in place, they are vulnerable to MITM attacks regardless of POODLE?
Any adversary with 2 inches of forehead isn't going to waste one second trying to exploit any of these scary MITM attacks with All-CAPS letters we read on the news, if your webserver is presenting an "untrusted" SSL Certificate. All the attacker needs to do is to create a fake Cert with your server info in the Subject and then, present that fake certificate to users who will gladly ignore the annoying browser warnings about untrusted websites.
And yet, these scanners flag POODLE as high risk but, where in the scanner report do you find a warning that your users could be just one-click away from allowing MITM attackers to take over their SSL/TLS connections because of the use of "untrusted" SSL Certificates in their environment?
Sorry but, it is not the security mindset what drives these port scanner companies, it is the profit motive. Reporting issues that require their own customer base to do painful configuration changes to their entire environment (setting up a PKI and issue certs for everything) does not sell. What sells is to flag third party vendors as vulnerable, even when isn't true or, when there are simple configuration changes can take care of the problem without breaking backward compatability like in this case.
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-31-2017 12:56 PM
тАО08-31-2017 12:56 PM
Re: ILO 3 1.82
Oscar, I know this is an old post, but how did you disable SSL3 on ILO3? We tried the "Enforce AES/3DES Encryption" option in the GUI, but SSL3 is still enabled after this.
From what I can tell, you have to disable SSL3 through the ILO command line, but I'm unable to find any information on how to do this.
If you remember the specific command or can point me in the right direction, that would be very helpful.
Thanks