[Linux-PowerEdge] Openmanage SSLv3 poodle vulnerability
lists at cloned.org.uk
Thu Oct 16 08:06:55 CDT 2014
We do this for our own kit. We also like to secure things generally for
vulnerabilities so would look to lock down the SSL access to secure
protocols. We have customer servers who need to access the DRACs from
their own locations where a jump box.
On Thu, 16 Oct 2014, Sid Young wrote:
> What is the likely hood of a man in the middle attack while you are talking
> to the DRAC? If you feel there is a risk and the DRAC doesn't support TLS
> then only access the DRAC from a secured JUMP box in your DC, then you wont
> have and risk of a man in the middle attack.
> On Thu, Oct 16, 2014 at 9:36 PM, john <lists at cloned.org.uk> wrote:
>> How do you stop openmanage from using insecure SSL versions such as SSLv3
>> following CVE-2014-3566?
>> Also, does anyone know how you do this on an iDRAC5 and iDRAC6? :-)
>> Linux-PowerEdge mailing list
>> Linux-PowerEdge at dell.com
More information about the Linux-PowerEdge