
iLO version 2 fails PCI Scans on TLS renegotiation vulnerability

 
David Allonby
New Member

Hi All,
Has anyone seen this before...

I have 51 HP servers, all with iLO version 2, which fail PCI scanning due to TLS renegotiation being available on the iLO port.

I upgraded to 2.05 firmware for the iLOs, but it fixes everything but the TLS renegotiation...

Has anyone any ideas?

cheers
Michael Leu
Honored Contributor

Re: iLO version 2 fails PCI Scans on TLS renegotiation vulnerability

One possibility to get this fixed would be to report it to the official channels at HP:

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Oscar A. Perez
Honored Contributor

Re: iLO version 2 fails PCI Scans on TLS renegotiation vulnerability

I'm working on a new build that has SSL/TLS key renegotiation disabled. So far, it solves the CVE-2009-3555 vulnerability but needs a lot more testing.



__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!