- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- ProLiant Servers (ML,DL,SL)
- >
- Re: ILO3 TLS 1.2 capabilities
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-28-2018 06:53 AM
тАО03-28-2018 06:53 AM
ILO3 TLS 1.2 capabilities
We have an HP Proliant DL360 G7 . we are looking to disable TLS 1.0 and 1.1 only leaving TLs 1.2 enabled.
Upgraded to the latest firmware and placed ILO in FIPS mode, but this did not enable TLS 1.2 , it only enabled TLS 1.1 exclusively.
Any suggesstions or input on how to configure the DL360 G7 to only use TLS 1.2 will be appreciated. Thank you.
- Tags:
- SSL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-03-2018 02:32 AM
тАО04-03-2018 02:32 AM
Re: ILO3 TLS 1.2 capabilities
Hi,
Here is the TLS support for ilo.
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00020426en_us
G7 server has iLO 3, which supports only TLS 1.0 and 1.1
Thank You!
I am a HPE employee
_________________________________________
Was the post useful? Click on the white KUDOS! Thumb below. Kudos is a way of saying thank you to a post.
// Useful Links for ProLiant Servers / Community FAQ / Rules of Participation / Servers Blog //
I work for HPE.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-19-2018 11:18 AM - last edited on тАО07-19-2018 11:36 PM by VidyaVI
тАО07-19-2018 11:18 AM - last edited on тАО07-19-2018 11:36 PM by VidyaVI
Re: ILO3 TLS 1.2 capabilities
@Suman_1978 wrote:
Hi,
Here is the TLS support for ilo.
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00020426en_usG7 server has iLO 3, which supports only TLS 1.0 and 1.1
Thank You!
I am a HPE employee
_________________________________________
Was the post useful? Click on the white KUDOS! Thumb below. Kudos is a way of saying thank you to a post.
// Useful Links for ProLiant Servers / Community FAQ / Rules of Participation / Servers Blog //
Obviously you dont support it but will you be adding support to it or should I just add this to the list of justifications for not purchasing any more HP servers as we replace our existing 250 G7 servers that have current HPE support contracts? Tls 1.0 and 1.1 both have security issues that were announced before the EOL of iLO 3 support and as such it should have been updated to use 1.2.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-23-2018 03:01 PM
тАО07-23-2018 03:01 PM
Re: ILO3 TLS 1.2 capabilities
New servers don't have iLO 3 in them. HPE ProLiant Gen8, Gen 9 and Gen10 servers have iLO 4 and iLO 5, which both support TLSv1.2
But iLO 3 did address the TLSv1.0 and TLSv1.1 issues.
iLO 3 implemented both the split record fix and TLS bad padding alert masking, which mitigate the IV implementation problems and the padding-check oracles which are the root cause problems for TLSv1.0 and TLSv1.1 (and TLSv1.2, actually in some implementations)
iLO 3 added the ability to disable the HTTPS webserver entirely, which certainly addresses the issues, and works well for some customers who are primarily using SSH for management.
It's worth mentioning that many such attacks require code injection, an active or forwarding man in the middle, and tens of thousands of requests made against iLO. Those tend to be impossible to practically execute on iLO's small processor/webserver with static page content.
If there truly are concerns about a man-in-the-middle; a properly trusted iLO SSL certificate and a policy of respecting the browser's warnings is necessary to defeat those attacks, regardless of the presence of TLSv1.2+.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-14-2022 05:35 AM
тАО01-14-2022 05:35 AM
Re: ILO3 TLS 1.2 capabilities
This was the reason that Richard Stallman started the open-source movement, a vendor stopped supporting one of his devices.
If HP is going to abandon hardware and not provide basic security updates, they need to provide access for the community to be able to maintain the hardware that we have purchased.
HP had to see that anything other than TLS 1.2 would be required before ILO3 was abandoned, yet they didn't provide a way for their customers to fix the security of the devices.
We have servers with ILO3's and advanced packs that one has to find an old insecure browser to manage. This is getting harder and harder.
HP please step up or release the software code for devices to where the community can keep them running.