cancel
Showing results for 
Search instead for 
Did you mean: 

ILO Encryption

 
SOLVED
Go to solution
DrNick
Occasional Visitor

ILO Encryption

During a security assessment, it was determined some of our ILO modules were allowing connections with Export level ciphers.  Due to some risks with those types of ciphers, we'd like to turn off the ability of the ILOs to connect using them.

 

 

I cannot seem to find a way to disable those ciphers either in the GUI or CLI.  Is it possible to do so?  If it is, how do I do it?

 

Thanks!

3 REPLIES
Oscar A. Perez
Honored Contributor

Re: ILO Encryption

What iLO is this? iLO2, iLO3, iLO4?

 

You can set all these iLOs to "Enforce AES/3DES Encryption" but, the Internet Explorer browser will need the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy registry setting enabled before using this feature.




__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
DrNick
Occasional Visitor

Re: ILO Encryption

They are ILO 2 and 3.

 

So the clients connecting need registry tweaks to force the rule?  The ILO won't just simply disable the cipher as an option?

 

Where do I need to go to Enforce it?  I have not been able to find anything in GUI or in the CLI guide.

 

Please let me know.  Thanks so much for your help!

Oscar A. Perez
Honored Contributor
Solution

Re: ILO Encryption

Log into iLO2/iLO3, click on Administrator tab -> Security -> Encryption then, enable Enforce AES/3DES Encryption.  iLO will reboot after applying this setting.

 

Clients require the registry change or they would get an error message when attempting to connect to iLO with a cipher that is not AES/3DES.




__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!