Unsolved
1 Rookie
•
87 Posts
0
42
Weak ciphers in PowerStore BMC TCP ports
Hi - my company's scanning software reports that a weak cipher (TLS_RSA_WITH_3DES_EDE_CBC_SHA) is being used on port 443 of the two IP addresses used for the PowerStore 500T BMC. I can't find any documentation on how to change the BMC port's cipher list and get rid of this weak cipher. Help, please!
Thanks
tl
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
January 23rd, 2024 14:10
Hi,
Thanks for your question.
What OS version are you on? I don’t see any commands to change the ciphers so updating may be the only way.
Let us know if you have any additional questions.
tlemons1
1 Rookie
1 Rookie
•
87 Posts
0
January 23rd, 2024 15:45
Hi Josh - thanks for the reply. Looking at the Storage Manager UI, I see the 'SW Version' is 3.6.0.0. Not sure how to see the version with the build number?
tlemons1
1 Rookie
1 Rookie
•
87 Posts
0
January 23rd, 2024 15:48
Found it: 3.6.0.0 (Release, Build 2145637, 2023-09-14 07:28:54, Retail)
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
January 23rd, 2024 16:12
Thanks, that is up to date. Go to https://dell.to/3SdzrHR then go to PowerStore and under Miscellaneous security config guide. Page 88 and make sure TLS 1.1 is disabled.
tlemons1
1 Rookie
1 Rookie
•
87 Posts
0
January 23rd, 2024 16:28
Hi Josh - using Storage Manager, I verified (in https://{hostname}/#/settings/tls) that TLS 1.1 is set to Disabled.
BTW, the vulnerability in trying to address is CVE-2016-2183.
Thanks!
tl
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
January 23rd, 2024 17:05
I don’t see a fix for that CVE for Powerstore. https://dell.to/3SE7M4p this is the most recent update for PowerStore. https://dell.to/4b8UUdr May be worth calling phone support and reporting it.
tlemons1
1 Rookie
1 Rookie
•
87 Posts
0
January 23rd, 2024 17:24
Got it. Thanks very much for the support, Josh!
tl