HPE Community
Server Management - Systems Insight Manager
1826499 Members
1757 Online
109692 Solutions
New Discussion

Re: HP SIM / SSL Vulnerabilities

 
Marc Sonnenberg
Occasional Contributor

‎09-21-2005 08:12 AM

‎09-21-2005 08:12 AM

HP SIM / SSL Vulnerabilities

This seems to apply more to the system management homepage, but I'll start here. Many of the vulnerability scanning tools available point to issues with the SSL implementation behind SIM / SMH. They refer to many flaws in SSLv2, which I believe these use. Recommendations are to either disable SSL or go to SSLv3. Any comments on this? I like to use SIM and SMH, but are being scrutinized for security reasons. Thank you for your input!!!
0 Kudos
Reply
3 REPLIES 3
Rich Purvis
Honored Contributor

‎09-23-2005 12:51 AM

‎09-23-2005 12:51 AM

Re: HP SIM / SSL Vulnerabilities

If you believe SSLV2 is an issue, then do not use it - SMH supports SSLV3. Because this apparently is a concern for a number of people the SMH team is looking at adding a switch to let customers with this concern disable the SSLV2 support. However, due to varying release cycles and other intangibles I cannot say if and when that will be available, just that it is being looked at now.

-Rich
Why does my tivo keep recording Nickelodeon?
0 Kudos
Reply
Marc Sonnenberg
Occasional Contributor

‎09-23-2005 08:13 AM

‎09-23-2005 08:13 AM

Re: HP SIM / SSL Vulnerabilities

Any idea on how to change the SMH from v2 to v3? I've been checking manuals and such on that but haven't found much. It would appear that you'd have to change it both on the managed server and on the management server.
0 Kudos
Reply
Rich Purvis
Honored Contributor

‎09-23-2005 08:49 PM

‎09-23-2005 08:49 PM

Re: HP SIM / SSL Vulnerabilities

Right now there is no way to stop it from trying to accept an SSLV2 connection as that is what the user initiated switch would be for. The SMH does not initiate a connection - that is done by you using your browser to connect to SMH - you can set your browser to *not* use SSLV2. If you use SSLV3 to connect to SMH everything should work fine and you won't be using SSLV2. If your problem is that the SMH *can* accept an SSLV2 connection then that currently cannot be changed.

-Rich
Why does my tivo keep recording Nickelodeon?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.