Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum

iLO version 2 fails PCI Scans on TLS renegotiation vulnerability

Occasional Visitor

Hi All,
Has anyone seen this before...

I have 51 HP servers, all with iLO version 2, which fail PCI scanning due to TLS renegotiation being available on the iLO port.

I upgraded to 2.05 firmware for the iLOs, but it fixes everything but the TLS renegotiation...

Has anyone any ideas?

cheers
2 REPLIES
Honored Contributor

Re: iLO version 2 fails PCI Scans on TLS renegotiation vulnerability

One possibility to get this fixed would be to report it to the official channels at HP:

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
---------------------------------------------------------------------------------
Navigation: Forum Site Map // ye olde ITRC Tree
@HP: please get rid of the Passport login timeout
Honored Contributor

Re: iLO version 2 fails PCI Scans on TLS renegotiation vulnerability

I'm working on a new build that has SSL/TLS key renegotiation disabled. So far, it solves the CVE-2009-3555 vulnerability but needs a lot more testing.



__________________________________________________
I work for Hewlett Packard