- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- ProLiant Servers (ML,DL,SL)
- >
- Re: ILO Encryption
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-22-2012 09:51 AM
06-22-2012 09:51 AM
During a security assessment, it was determined some of our ILO modules were allowing connections with Export level ciphers. Due to some risks with those types of ciphers, we'd like to turn off the ability of the ILOs to connect using them.
I cannot seem to find a way to disable those ciphers either in the GUI or CLI. Is it possible to do so? If it is, how do I do it?
Thanks!
Solved! Go to Solution.
- Tags:
- encryption
- iLO
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-22-2012 10:40 AM
06-22-2012 10:40 AM
Re: ILO Encryption
What iLO is this? iLO2, iLO3, iLO4?
You can set all these iLOs to "Enforce AES/3DES Encryption" but, the Internet Explorer browser will need the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy registry setting enabled before using this feature.
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-22-2012 11:21 AM
06-22-2012 11:21 AM
Re: ILO Encryption
They are ILO 2 and 3.
So the clients connecting need registry tweaks to force the rule? The ILO won't just simply disable the cipher as an option?
Where do I need to go to Enforce it? I have not been able to find anything in GUI or in the CLI guide.
Please let me know. Thanks so much for your help!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-22-2012 12:12 PM - edited 06-22-2012 12:12 PM
06-22-2012 12:12 PM - edited 06-22-2012 12:12 PM
SolutionLog into iLO2/iLO3, click on Administrator tab -> Security -> Encryption then, enable Enforce AES/3DES Encryption. iLO will reboot after applying this setting.
Clients require the registry change or they would get an error message when attempting to connect to iLO with a cipher that is not AES/3DES.
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!