DISABLE TLS1.0 ON HP ILO 4 MAC
The information below is taken from the HPE iLO help documentation and is provided here for convenience's sake – SSH cipher, key exchange, and MAC support. I would strongly recommend deploying any HPE hardware with iLO functionality in ‘HighSecurity’ mode. Let us hope that when TLS 1.3 is widely available, iLO 5 supports it and provides similar configuration options.
DISABLE TLS1.0 ON HP ILO 4 INSTALL
To install these component types, use Smart Update Manager to add files or install sets to the iLO installation queue, or install each update individually by using the iLO Firmware or Group Firmware Update pages.
![disable tls1.0 on hp ilo 4 disable tls1.0 on hp ilo 4](https://www.windowsboy.com/wp-content/uploads/2020/01/Screenshot_16-1170x546.png)
When HighSecurity is enabled, you must use a supported cipher to connect to iLO through these secure channels.
![disable tls1.0 on hp ilo 4 disable tls1.0 on hp ilo 4](http://i2.51cto.com/images/blog/201809/06/09fa0728639acc47090a779aff7e8b2c.jpg)
If you are using the standalone iLO remote console you will need to update to the latest version to make sure it supports the AES ciphers. It is vital you ensure browsers and other systems which connect will support this change. Please be mindful that any change to protocol and cipher settings may impair your ability to connect and manage the iLO system. Now we can only negotiate a TLS 1.2 protocol option with a limited set of AES ciphers.
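One way to confirm that result from a management workstation, as an added example that is not part of the original post or of HPE's tooling: the Python script below offers TLS 1.0, TLS 1.1, and TLS 1.2 with and without AES suites, and reports anything that contradicts "TLS 1.2 with AES ciphers only". The `probe` and `audit` names, the cipher strings and the host passed on the command line are assumptions chosen for illustration.

```python
import socket
import ssl

# (label, protocol offered, OpenSSL cipher string offered, handshake expected?)
CHECKS = [
    ("TLSv1.0, any cipher", ssl.TLSVersion.TLSv1, "ALL:@SECLEVEL=0", False),
    ("TLSv1.1, any cipher", ssl.TLSVersion.TLSv1_1, "ALL:@SECLEVEL=0", False),
    ("TLSv1.2, non-AES only", ssl.TLSVersion.TLSv1_2, "ALL:!AES:@SECLEVEL=0", False),
    ("TLSv1.2, AES only", ssl.TLSVersion.TLSv1_2, "AES", True),
]

def probe(host, port, version, ciphers, timeout=5.0):
    """Offer one protocol version and cipher list. Returns the negotiated
    cipher name, None if the handshake failed, or "untested" if the local
    OpenSSL build cannot make that offer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Certificate checks are off: this only inspects protocol and cipher
    # negotiation and must never be reused to send credentials.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.set_ciphers(ciphers)
        ctx.minimum_version = ctx.maximum_version = version
    except (ValueError, ssl.SSLError):
        return "untested"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
    except (ssl.SSLError, OSError):
        return None

def audit(host, port=443, probe_fn=probe):
    """Return findings that contradict 'TLS 1.2 with AES ciphers only'."""
    findings = []
    for label, version, ciphers, expected in CHECKS:
        result = probe_fn(host, port, version, ciphers)
        if result == "untested":
            findings.append(f"{label}: local OpenSSL cannot offer this")
        elif result is None and expected:
            findings.append(f"{label}: handshake failed")
        elif result is not None and not expected:
            findings.append(f"{label}: accepted ({result})")
    return findings

if __name__ == "__main__":
    import sys
    for line in audit(sys.argv[1]) or ["no findings"]:
        print(line)
```

Run it once the iLO has restarted. An "untested" line means the local OpenSSL build refuses to offer that protocol, so repeat the check from a client that can.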
![disable tls1.0 on hp ilo 4 disable tls1.0 on hp ilo 4](https://community.hpe.com/hpeb/attachments/hpeb/itrc-264/142708/1/iLO.png)
With TLS 1.3 here I’d love to say I’ll work to 1.3 only, but that is a way off yet for us. I am working towards a TLS 1.2 only environment at work, which is not easy with so many systems and requirements, but it is a worthy goal. To do so we will modify the settings to only support TLS 1.2 as a protocol with a reduced set of ciphers that only use AES. Let’s have a look at the web interface – if we browse to the iLO and then Security -> Encryption we see a drop-down menu. By default this is set to ‘Production’; in my second screenshot I’ve changed this to ‘HighSecurity’, and for those of you who require FIPS compliance there is a final option of FIPS. Having made the change and clicked ‘Apply’, it is necessary to allow the iLO subsystem to restart to make the necessary changes.
![disable tls1.0 on hp ilo 4 disable tls1.0 on hp ilo 4](https://i.ytimg.com/vi/RFvPxk000UQ/maxresdefault.jpg)
Now that the introduction is out of the way, let’s take a look at configuring an iLO interface to be somewhat more secure than it is by default.
DISABLE TLS1.0 ON HP ILO 4 SOFTWARE
People who work with me, or have done in the past, will know I’m really keen on ensuring TLS/SSL settings and certificates are properly implemented wherever possible. In this post I’m going to cover some of the nice features in Hewlett Packard Enterprise’s (HPE) latest iLO. If you’re not familiar, HPE provide IPMI functionality via a custom ASIC which they call their Integrated Lights Out (iLO) chip. The most recent version was released alongside their tenth generation server hardware (Gen10). iLO 5 brings many features in both the software and hardware which are outside the scope of this post; for your reference I have provided a link to the iLO homepage on HPE below.