HP Xw460c HP Integrated Lights-Out 2 User Guide for Firmware 1.75 and 1.77 - Page 55
Encryption settings, Connecting to the iLO 2 using AES/3DES encryption, HP Integrated Lights-Out
View all HP Xw460c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 55 highlights
By default, remote console data uses 128-bit RC4 bi-directional encryption. The CPQLOCFG utility uses a 168-bit Triple DES with RSA and a SHA1 MAC cipher to securely send RIBCL scripts to iLO 2 over the network. Encryption settings You can view or modify the current encryption settings using the iLO 2 interface, CLP, or RIBCL. To view or modify current encryption settings using the iLO 2 interface: 1. Click Administration>Security>Encryption. The Encryption page appears, displaying the current encryption settings for iLO 2. Both the current negotiated cipher and the encryption enforcement settings appear on this page. o Current Negotiated Cipher displays the cipher in use for the current browser session. After logging into iLO 2 through the browser, the browser and iLO 2 negotiate a cipher setting to use during the session. The Encryption page Current Negotiated Cipher section displays the negotiated cipher. Encryption Enforcement Settings displays the current encryption settings for iLO 2. Enforce AES/3DES Encryption (if enabled) enables iLO 2 to only accept connections through the browser and SSH interface that meet the minimum cipher strength. A cipher strength of at least AES or 3DES must be used to connect to iLO 2 if this setting is enabled. Enforce AES/3DES Encryption can be enabled or disabled. 2. To save changes, click Apply. When changing the Enforcement setting to Enable, close all open browsers after clicking Apply. Any browsers that remain open might continue to use a non-AES/3DES cipher. To view or modify current encryption settings through the CLP or RIBCL, see the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide. Connecting to the iLO 2 using AES/3DES encryption After enabling the Enforce AES/3DES Encryption setting, iLO 2 requires you to connect through secure channels (web browser, SSH, or XML port) using a cipher strength of at least AES or 3DES. To connect to iLO 2 through a browser, the browser must be configured with a cipher strength of at least AES or 3DES. If the web browser is not using AES or 3DES ciphers, iLO 2 displays an error message informing you to close the current connection and select the correct cipher. See your browser documentation to select a cipher strength of at least AES or 3DES. Different browsers use different methods of selecting a negotiated cipher. You must log out of iLO 2 through the current browser before changing the browser cipher strength. Any changes made to the browser cipher setting while logged into iLO 2 might enable the browser to continue using a non-AES/3DES cipher. All client operating systems and browsers supported by iLO 2, support the iLO 2 AES/3DES Encryption feature except when using Windows 2000 Professional with Internet Explorer. By default, Windows 2000 Professional does not support AES or 3DES ciphers. If a client uses Windows® 2000 Professional, you must use another browser, or update the operating system. Internet Explorer does not have a user-selectable cipher strength setting. You must edit the registry to enable Internet Explorer to connect to iLO 2 when the Enforce AES/3DES Encryption setting is enabled. To enable AES/3DES encryption in Internet Explorer, open the registry and set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy to 1. Configuring iLO 2 55