Reference Guide
Table Of Contents
- Dell EMC iDRAC Service Module Security Configuration Guide
- Contents
- Overview
- Security quick reference
- Product and subsystem security
- Miscellaneous configuration and management elements
- Internal security information
- Resources and support
- Contacting Dell EMC
Table 6. TLS ciphers supported by iDRAC firmware version 4.40.10 and later
iDRAC 4.40.10 and later
ciphers
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(secp256r1)-C
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(secp256r1)-A
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(secp256r1)-A
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(secp256r1)-A
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(secp256r1)-A
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(secp256r1)-A
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(secp256r1)-A
LS_ECDHE_RSA_WITH_RC4_128_SHA(secp256r1)-C
TLS_RSA_WITH_3DES_EDE_CBC_SHA(rsa 2048)-C
TLS_RSA_WITH_AES_128_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_AES_128_CBC_SHA256(rsa 2048)-A
TLS_RSA_WITH_AES_128_GCM_SHA256(rsa 2048)-A
TLS_RSA_WITH_AES_256_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_AES_256_CBC_SHA256(rsa 2048)-A
TLS_RSA_WITH_AES_256_GCM_SHA384(rsa 2048)-A
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_IDEA_CBC_SHA(rsa 2048)-A
TLS_RSA_WITH_RC4_128_MD5(rsa 2048)-C
TLS_RSA_WITH_RC4_128_SHA(rsa 2048)-C
TLS_RSA_WITH_SEED_CBC_SHA(rsa 2048)-A
Certified cryptographic modules
Not applicable.
Certificate management
iSM does not support custom certificate import. The self-signed certificates created by iSM and iDRAC are imported by iSM
into the operating system native certificate store.
Auditing and logging
iSM has audit logging in order to check an issue in the certificate handshake for any communication between iSM and iDRAC.
The following messages in the operating system logs indicate a TLS error. iSM logs comply with the event and error message
reports. For more information, see Event and Error Message Reference Guide for 14th Generation Dell EMC PowerEdge Servers
available at https://www.dell.com/idracmanuals.
Logs
iDRAC Service Module (iSM) uses the platform and operating system logging interface: syslog and Windows event log.
ISM0048
iDRAC is unable to communicate with the iSM because of a Transport Layer Security (TLS) issue. The
issue details: <TLS error details>.
Resolution Reinstall the latest available iSM on the host operating system and retry the operation. If the issue
persists, contact your service provider.
ISM0049 The iSM is unable to communicate to the iDRAC because the client certificate is either unavailable or
invalid.
Resolution Reinstall the latest available iSM on the host operating system and retry the operation. If the issue
persists, contact your service provider. For information about the installation procedure, see iDRAC
Service Module User's Guide available at https://www.dell.com/idracmanuals.
Product and subsystem security 17