Jan 31 2015
 

So the OpenJDK in most Linux distros has now been upgraded to v1.8. This has a good bug fix regarding the whole SSLv3 POODLE vulnerability.

This has one problem. The Dell DRAC remote management cards installed in a lot of Dell servers rely on SSLv3 to operate. Without it, you can get into the web interface, but then you get an error stating "Error when reading from SSL socket connection" and get no further.


Thankfully, it is simple to re-enable SSLv3 to allow the connection to succeed.

Open up /usr/lib/jvm/*/jre/lib/security/java.security in your favourite editor as root, and change the following line:
jdk.tls.disabledAlgorithms=SSLv3

to

jdk.tls.disabledAlgorithms=

This enables SSLv3 for all Java applications; however, it exposes you to the MITM attack described in CVE-2014-3566. I suggest having a read of the CVE to understand whether you want to leave this setting as the default on your system or disable it again afterwards.
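
A quick way to check whether a machine has been left in this state, as an added example that is not part of the original post: the script parses each java.security file matched by the path above and reports whether SSLv3 is still listed in jdk.tls.disabledAlgorithms. The function names and the sample text are made up for illustration.

```python
import glob

# Path pattern from the post; other JDK layouts keep the file elsewhere.
DEFAULT_GLOB = "/usr/lib/jvm/*/jre/lib/security/java.security"

# Constructed sample: a value spread over backslash-continued lines.
SAMPLE = "# comment\njdk.tls.disabledAlgorithms=RC4, \\\n    SSLv3, \\\n    DH keySize < 768\n"


def read_property(text, key):
    """Return the effective value of `key` in java.security text, or None.

    Simplified properties parsing: skips '#'/'!' comments, joins backslash
    continuation lines, and lets a later definition override an earlier one.
    """
    value = None
    lines = iter(text.splitlines())
    for raw in lines:
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        while line.endswith("\\"):
            line = line[:-1] + next(lines, "").strip()
        name, sep, rest = line.partition("=")
        if sep and name.strip() == key:
            value = rest.strip()
    return value


def sslv3_disabled(text):
    """True only if SSLv3 is an entry in jdk.tls.disabledAlgorithms."""
    value = read_property(text, "jdk.tls.disabledAlgorithms")
    entries = [e.strip().lower() for e in (value or "").split(",")]
    return "sslv3" in entries


def audit(paths):
    """Map each java.security path to 'ok' or 'SSLv3 ENABLED'."""
    report = {}
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            ok = sslv3_disabled(fh.read())
        report[path] = "ok" if ok else "SSLv3 ENABLED"
    return report


if __name__ == "__main__":
    for path, status in sorted(audit(glob.glob(DEFAULT_GLOB)).items()):
        print(f"{status:14} {path}")
```

Running it once the DRAC work is finished shows which installed JVMs still have the line emptied out.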

  6 Responses to “Java update broke the Dell DRAC 5 remote management cards!”

  1. Just ran into this issue, your write up saved tons of time. Thanks for sharing.

  2. Really fantastic solution. Thank you so much for posting very valuable and useful info…

  3. Nice attempt, unfortunately it didn’t work for me. Is there any other place, where maybe globally defined parameters are? I try to access the virtual console of HP ILO 2. When I use the browser, I can download the JAR-file, but java says:

    JAR https://10.100.128.20/rc175p08.jar not found. Continuing.

    My environment:

    fedora 21,
    OpenJDK Runtime Environment (build 1.8.0_60-b27)
    OpenJDK 64-Bit Server VM (build 25.60-b23, mixed mode)

    regards fish

  4. Thank you Steve this did the trick for a problem with a KVM viewer.
    It is a wonder why Java implementations and the API are completely non-standard and each update seems to break critical applications.

  5. I had to do this, and do a remote racadm command to get the ssl cert or else I kept getting the same error.

    Using remote racadm, I ran this command:

    racadm -r -u -p sslcertdownload -t 1 -f

    Then it works like a charm for me.

  6. I forgot to add that I then had to import the cert into Java.
