Users Guide
Configuring cipher suite selection using iDRAC web interface
CAUTION: Using the OpenSSL cipher command to parse strings with invalid syntax may lead to unexpected errors.
CAUTION: This is an advanced security option. Before you configure this option, ensure that you have thorough
knowledge of the following:
● The OpenSSL Cipher String Syntax and its use
● Tools and Procedures to verify and validate the resultant Cipher Suite Configuration to ensure that the
results align with the expectations and requirements.
NOTE: Before you configure the Advanced Settings for TLS Cipher Suites, ensure that you are using a supported web
browser.
To add custom cipher strings:
1. In iDRAC web interface, go to Overview > iDRAC Settings > Network > Service to access the web server settings.
2. Click Set Cipher String under the Custom Cipher String option.
Set Custom Cipher String page is displayed on the screen.
3. In the Custom Cipher String field, enter a valid string and select Set Cipher String.
NOTE: For more information about cipher strings, see www.openssl.org/docs/man1.0.2/apps/ciphers.html.
4. Click Apply.
Setting the custom cipher string terminates the current iDRAC session. Wait for a few minutes before you open a new iDRAC
session.
Configuring cipher suite selection using RACADM
To configure cipher suite selection using RACADM, use any one of the following commands:
● racadm set idrAC.webServer.customCipherString ALL:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES256-GCM-SHA384
● racadm set idrAC.webServer.customCipherString ALL:-DHE-RSA-CAMELLIA256-SHA
● racadm set idrAC.webServer.customCipherString ALL:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES256-SHA256:+AES256-GCM-SHA384:-DHE-RSA-CAMELLIA256-SHA
For more information about these objects, see iDRAC RACADM Command Line Interface Reference Guide available at
dell.com/idracmanuals.
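The cautions above call for verifying the resultant cipher suite configuration. As an added example (not from this guide or from Dell), the following Python code uses the standard ssl module to expand the three RACADM example strings with the local OpenSSL build and to flag rule tokens that match nothing. It assumes the local OpenSSL approximates the one in the iDRAC firmware, which may differ, so confirm the result against the iDRAC web server after applying the string.

```python
import re
import ssl

# The three RACADM example strings from this page (wrapped lines rejoined).
PAGE_STRINGS = [
    "ALL:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES256-GCM-SHA384",
    "ALL:-DHE-RSA-CAMELLIA256-SHA",
    "ALL:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES256-SHA256:"
    "+AES256-GCM-SHA384:-DHE-RSA-CAMELLIA256-SHA",
]


def expand(cipher_string):
    """Return the suite names the local OpenSSL selects, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError as exc:
        # Raised when the string selects no suite at all.
        raise ValueError(f"rejected cipher string {cipher_string!r}") from exc
    return [c["name"] for c in ctx.get_ciphers()]


def unmatched_tokens(cipher_string):
    """Rule tokens that match no local suite; OpenSSL skips these silently."""
    bad = []
    for rule in re.split(r"[:, ]+", cipher_string):
        token = rule.lstrip("!+-")          # drop the rule operator
        if not token or token.startswith("@"):
            continue                        # e.g. @STRENGTH is not a suite
        try:
            expand(token)
        except ValueError:
            bad.append(token)
    return bad


def removed_by(cipher_string):
    """Suites offered under plain ALL but absent under cipher_string."""
    return sorted(set(expand("ALL")) - set(expand(cipher_string)))


if __name__ == "__main__":
    for s in PAGE_STRINGS:
        print(s)
        print("  removed vs ALL :", removed_by(s))
        print("  unmatched rules:", unmatched_tokens(s))
```

A token reported as unmatched is a misspelled name or a suite the local build lacks; in either case the rule had no effect locally and the string should be reviewed before it is set.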
FIPS mode
FIPS is a computer security standard that United States government agencies and contractors must use. Starting from
iDRAC version 2.40.40.40, iDRAC supports enabling FIPS mode.
iDRAC will be officially certified to support FIPS mode in the future.
Difference between FIPS-mode supported and FIPS-validated
Software that has been validated by completing the Cryptographic Module Validation Program is referred to as FIPS-validated.
Because of the time it takes to complete FIPS-validation, not all versions of iDRAC are validated. For information about the
latest status of FIPS-validation for iDRAC, see the Cryptographic Module Validation Program page on the NIST website.
Enabling FIPS Mode
CAUTION: Enabling FIPS mode resets iDRAC to factory-default settings. If you want to restore the settings,
back up the server configuration profile (SCP) before you enable FIPS mode, and restore the SCP after iDRAC
restarts.