Marcel_D
Advisor

How to set new Option "DisableWeakCyphers" with REST Error iLo5

Hi,

I'm trying to Enable the DisableWeakCyphers-Option with a REST Request, but getting an Error on Execution.

        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
        $bodycred = @{
            "UserName"= $ilocred.UserName
            "Password"=$ilocred.GetNetworkCredential().Password
        } | ConvertTo-Json
  
        $session = Invoke-WebRequest -Uri "https://$iloboard/redfish/v1/Sessions" -Method Post -Body $bodycred -ContentType "application/json" -UseBasicParsing -ErrorAction Stop 
        $AuthHeaders = @{ "X-Auth-Token" = $Session.Headers.'X-Auth-Token' }
        $body =  '{
                        "DisableWeakCiphers":"True",
                        "TLSVersion": {
                            "TLS1_0":"Disabled",
                            "TLS1_1":"Disabled"
                        }
                    }' 

        Invoke-WebRequest -Uri "https://$iloboard/redfish/v1/Managers/1/SecurityService/" -Method Patch -Body $body -Headers $AuthHeaders -ContentType "application/json" 

Invoke-WebRequest : The remote server returned an error: (400) Bad Request.

It works, with only setting the TLS-Versions. Am I missing something or is this not possible with REST, yet?

  iLo Firmware Version 3.01 Jan 23 2024

Kashyap02
HPE Pro

Re: How to set new Option "DisableWeakCyphers" with REST Error iLo5

Hi Marcel,

Good day!

We've discovered that TLS 1.1 and TLS 1.2 can be disabled via REST API. Please try the script below with the IP and credentials of your iLO server.

If it doesn't work, please log a new case with HPE, providing the specific server details. Our team will assist you in resolving the issue.


        # Set TLS version
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

        # Create session
        $bodycred = @{
            "UserName" = $ilocred.UserName
            "Password" = $ilocred.GetNetworkCredential().Password
        } | ConvertTo-Json

        $session = Invoke-WebRequest -Uri "https://$iloboard/redfish/v1/Sessions" -Method Post -Body $bodycred -ContentType "application/json" -UseBasicParsing -ErrorAction Stop
        $AuthHeaders = @{ "X-Auth-Token" = $Session.Headers.'X-Auth-Token' }

        # Set options
        $optionsBody = @{
            "DisableWeakCiphers" = $true
            "TLSVersion" = @{
                "TLS1_0" = "Disabled"
                "TLS1_1" = "Disabled"
            }
        } | ConvertTo-Json

        # Patch request
        $response = Invoke-WebRequest -Uri "https://$iloboard/redfish/v1/Managers/1/SecurityService/" -Method Patch -Body $optionsBody -Headers $AuthHeaders -ContentType "application/json"

        if ($response.StatusCode -eq 200) {
            Write-Host "Options set successfully."
        } else {
            Write-Host "Error: $($response.StatusCode) - $($response.StatusDescription)"
            Write-Host "Response content: $($response.Content)"
        }

I am a HPE Employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]


Marcel_D
Advisor
Solution

Re: How to set new Option "DisableWeakCyphers" with REST Error iLo5

That didn't work either, but I've found the solution.

By setting the DisableWeakCiphers to true, the TLS-Versions are automatically disabled. So you don't have to do this separately and I think the REST-Body has a Problem with that. So this would be the right code: 

        $bodycred = @{
            "UserName"= $ilocred.UserName
            "Password"=$ilocred.GetNetworkCredential().Password
        } | ConvertTo-Json
  
        $session = Invoke-WebRequest -Uri "https://$iloboard/redfish/v1/Sessions" -Method Post -Body $bodycred -ContentType "application/json" -UseBasicParsing -ErrorAction Stop 
        $AuthHeaders = @{ "X-Auth-Token" = $Session.Headers.'X-Auth-Token' }
        $body = @{
                               "DisableWeakCiphers" = $true                                 
                             } | ConvertTo-Json

        Invoke-WebRequest -Uri "https://$iloboard/redfish/v1/Managers/1/SecurityService/" -Method Patch -Body $body -Headers $AuthHeaders -ContentType "application/json" 
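
Added example, not part of the original thread and not HPE's code: a PowerShell function that applies the fix from the accepted answer (PATCH only `DisableWeakCiphers`), reports the Redfish error body instead of a bare 400, reads the setting back, and deletes the session afterwards. The function name `Set-IloDisableWeakCiphers` is hypothetical; the code assumes a GET on the same resource returns `DisableWeakCiphers` and `TLSVersion`, and that the session POST returns a `Location` header as the Redfish specification describes.

```powershell
# Added example; Set-IloDisableWeakCiphers is a hypothetical helper name.
function Set-IloDisableWeakCiphers {
    param(
        [Parameter(Mandatory)] [string] $IloHost,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    $base = "https://$IloHost"
    $uri  = "$base/redfish/v1/Managers/1/SecurityService/"

    $login = @{
        UserName = $Credential.UserName
        Password = $Credential.GetNetworkCredential().Password
    } | ConvertTo-Json
    $session = Invoke-WebRequest -Uri "$base/redfish/v1/Sessions" -Method Post -Body $login `
        -ContentType "application/json" -UseBasicParsing -ErrorAction Stop

    # Header values are strings on Windows PowerShell and string arrays on PowerShell 7.
    $headers    = @{ "X-Auth-Token" = @($session.Headers.'X-Auth-Token')[0] }
    $sessionUri = [uri]::new([uri]$base, @($session.Headers.'Location')[0])

    try {
        # Send only DisableWeakCiphers, as in the accepted solution above.
        $body = @{ DisableWeakCiphers = $true } | ConvertTo-Json
        try {
            Invoke-WebRequest -Uri $uri -Method Patch -Body $body -Headers $headers `
                -ContentType "application/json" -UseBasicParsing -ErrorAction Stop | Out-Null
        } catch {
            # The response body carries the Redfish error object; the exception text is only "(400) Bad Request".
            $detail = if ($_.ErrorDetails) { $_.ErrorDetails.Message } else { $_.Exception.Message }
            throw "PATCH $uri failed: $detail"
        }
        # Read the resource back instead of trusting the status code (assumed property names).
        $state = Invoke-RestMethod -Uri $uri -Method Get -Headers $headers -ErrorAction Stop
        [pscustomobject]@{
            Host               = $IloHost
            DisableWeakCiphers = $state.DisableWeakCiphers
            TLSVersion         = $state.TLSVersion
        }
    } finally {
        # Log out so the session token does not stay valid on the iLO.
        try {
            Invoke-WebRequest -Uri $sessionUri -Method Delete -Headers $headers -UseBasicParsing | Out-Null
        } catch { Write-Warning "Session logout failed: $($_.Exception.Message)" }
    }
}
```

Call it with the thread's variables as `Set-IloDisableWeakCiphers -IloHost $iloboard -Credential $ilocred`.
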
Rakesh0404
HPE Pro

Re: How to set new Option "DisableWeakCyphers" with REST Error iLo5

Yes, as per the script, DisableWeakCiphers: true does set the TLS version to the disabled state.
Thank you for the update, any further queries on the same. 



I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]