Reference Guide
Table Of Contents
- Dell EMC iDRAC Service Module Security Configuration Guide
- Contents
- Overview
- Security quick reference
- Product and subsystem security
- Miscellaneous configuration and management elements
- Internal security information
- Resources and support
- Contacting Dell EMC
Data integrity
iSM log collection artifacts such as SPD logs are checked for integrity before they are used for any task.
Other data security features
Not applicable.
Cryptography
iSM supports TLS 1.2 and generates self-signed certificates to communicate with iDRAC. The following sections indicate the set
of algorithms supported by iSM and iDRAC during TLS handshake.
Cryptographic configuration options
There are no interface options in iSM to configure cryptographic algorithms. iSM relies on the native algorithms available for
handshake on the operating system. These algorithms should be selected by the administrator based on security best practices.
Table 4. Default cryptographic configuration
Attribute Strength
Protocol TLS 1.2
Cipher Operating system default ciphers are honored.
Cipher strength 256
Hash SHA-384
Key exchange RSA
Table 5. TLS ciphers supported by iDRAC firmware older than version 4.40.10
iDRAC older than 4.40.10
TLSv1.2:
ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHA(rsa 2048)-C
TLS_RSA_WITH_AES_128_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_AES_128_CBC_SHA256(rsa 2048)-A
TLS_RSA_WITH_AES_128_GCM_SHA256(rsa 2048)-A
TLS_RSA_WITH_AES_256_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_AES_256_CBC_SHA256(rsa 2048)-A
TLS_RSA_WITH_AES_256_GCM_SHA384(rsa 2048)-A
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_IDEA_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_RC4_128_MD5(rsa 2048)-C
TLS_RSA_WITH_RC4_128_SHA(rsa 2048)-C
TLS_RSA_WITH_SEED_CBC_SHA(rsa 2048)-A
Table 6. TLS ciphers supported by iDRAC firmware version 4.40.10 and later
iDRAC 4.40.10 and later
TLSv1.2:
16 Product and subsystem security