OMSA 5.5.0 and SSL

Marshal_Savage at Dell.com Marshal_Savage at Dell.com
Wed Mar 17 15:12:01 CDT 2010


If you update to the latest version of OMSA (6.2) you can configure the web server preferences for how the SSL encryption is negotiated.

In the user guide search for SSL Encryption
http://support.dell.com/support/edocs/software/svradmin/6.2/en/UG/HTML/using.htm#wp1043676


====excerpt from the user guide=====

The SSL Encryption field specifies the encryption levels for the secured HTTPS sessions. The available encryption levels include Auto Negotiate and 128-bit or higher.


Auto Negotiate: To allow connection from browser with any encryption strength. The browser auto negotiates with the Server Administrator web server and uses the highest available encryption level for the session. Legacy browsers with weaker encryption can connect to the Server Administrator.


128-bit or higher: To allow connections from browsers with 128-bit or higher encryption strength. One of the following cipher suites will be applicable based upon the browser for any established sessions:


SSL_RSA_WITH_RC4_128_SHA

SSL_RSA_WITH_RC4_128_MD5

SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

SSL_RSA_WITH_3DES_EDE_CBC_SHA

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_DHE_DSS_WITH_AES_128_CBC_SHA

SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

Key Signing Algorithm displays the supported signing algorithms. Select an algorithm from the drop down list. If you select either SHA 512 or SHA 256, ensure that your operating system/browser supports this algorithm. If you select one of these options without the requisite operating system/browser support, Server Administrator displays a "cannot display the webpage" error. This field is meant only for Server Administrator auto-generated self-signed certificates. The drop down list will be grayed out if you import or generate new certificates into Server Administrator

-----Original Message-----
From: linux-poweredge-bounces-Lists On Behalf Of Mark Watts
Sent: Wednesday, March 17, 2010 5:09 AM
To: linux-poweredge-Lists
Subject: OMSA 5.5.0 and SSL


Is there any way to change the SSL Ciphers offered by OMSA?
We're being warned about it offering weak ciphers by an audit tool.

Cheers,

Mark.

--
Mark Watts BSc RHCE MBCS
Senior Systems Engineer, Managed Services Manpower www.QinetiQ.com QinetiQ - Delivering customer-focused solutions GPG Key: http://www.linux-corner.info/mwatts.gpg



More information about the Linux-PowerEdge mailing list