[Linux-PowerEdge] VMCLI - SSLv3 Handshake

Pablo Ilarragorri Pablo.Ilarragorri at ar.ey.com
Tue Sep 20 06:45:51 CDT 2016


I've noticed this last week, but it probably dates back several weeks (or months).

The running OS is RHEL6.8 , OpenSSL 1.0.1e-fips.




--
Pablo Ilarragorri | Linux Servers Solutions Level 4 | Cloud Services | Global Delivery Services

Pistrelli, Henry Martin y Asociados SRL
Office: (+54) 11-4510 | pablo.ilarragorri at ar.ey.com

-----Original Message-----
From: Paul Menzel [mailto:pmenzel at molgen.mpg.de]
Sent: Tuesday, September 20, 2016 8:24 AM
To: Pablo Ilarragorri <Pablo.Ilarragorri at ar.ey.com>; linux-poweredge at lists.us.dell.com
Subject: Re: [Linux-PowerEdge] VMCLI - SSLv3 Handshake

Dear Pablo,


On 09/19/16 20:42, Pablo Ilarragorri wrote:

> I've started to encounter the following error while trying to run vmcli against several iDRACs.
>
> Error: SSL Connection error
> 139702341482120:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:744:
>
> The iDRAC ssl config seems correct (enforcing tls)
>
> Server public key is 1024 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : DHE-RSA-AES256-GCM-SHA384
>
> I've tried with auto-negotiate on the idrac side, no luck so far.
>
> As far as I understand, it seems that vmcli is not capable of understanding TLS and fails the connection to the iDRAC.
>
> My vmcli version
>
> Name        : srvadmin-idrac-vmcli
> Arch        : x86_64
> Version     : 8.3.0
> Release     : 1908.9058.el6
>
> []# vmcli -v
> iDRAC Virtual Media Command Line Interface. Version: 2.00.00.22110
>
> Is ther any workaround for this? Am I doing something wrong on my end?

Since when does the problem? Do the components for example use your distribution OpenSSL library, and that was updated?


Kind regards,

Paul

___________________________________
The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system. EY is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt.



More information about the Linux-PowerEdge mailing list