[Linux-PowerEdge] Openmanage SSLv3 poodle vulnerability

john lists at cloned.org.uk
Thu Oct 16 08:06:55 CDT 2014


We do this for our own kit. We also like to secure things generally for 
vulnerabilities so would look to lock down the SSL access to secure 
protocols. We have customer servers who need to access the DRACs from 
their own locations where a jump box.

Cheers,

John

On Thu, 16 Oct 2014, Sid Young wrote:

> What is the likely hood of a man in the middle attack while you are talking
> to the DRAC? If you feel there is a risk and the DRAC doesn't support TLS
> then only access the DRAC from a secured JUMP box in your DC, then you wont
> have and risk of a man in the middle attack.
>
> Sid
>
>
> On Thu, Oct 16, 2014 at 9:36 PM, john <lists at cloned.org.uk> wrote:
>
>> Hi,
>> How do you stop openmanage from using insecure SSL versions such as SSLv3
>> following CVE-2014-3566?
>>
>> Also, does anyone know how you do this on an iDRAC5 and iDRAC6? :-)
>>
>> Thanks,
>>
>> John
>>
>> _______________________________________________
>> Linux-PowerEdge mailing list
>> Linux-PowerEdge at dell.com
>> https://lists.us.dell.com/mailman/listinfo/linux-poweredge
>>
>



More information about the Linux-PowerEdge mailing list