Viewing encryption enforcement settings – HP Integrated Lights-Out 3 User Manual
Page 59
•
128-bit AES with RSA, DHE, and a SHA1 MAC
•
128-bit AES with RSA, and a SHA1 MAC
•
168-bit 3DES with RSA, and a SHA1 MAC
•
168-bit 3DES with RSA, DHE, and a SHA1 MAC
iLO also provides enhanced encryption through the SSH port for secure CLP transactions. iLO
supports AES128-CBC and 3DESCBC cipher strengths through the SSH port.
If enabled, iLO enforces the use of these enhanced ciphers (both AES and 3DES) over the secure
channels, including secure HTTP transmissions through the browser, SSH port, and XML port. When
AES/3DES encryption is enabled, you must use a cipher strength equal to or greater than AES/3DES
to connect to iLO through these secure channels. The AES/3DES encryption enforcement setting
does not affect communications and connections over less-secure channels.
By default, Remote Console data uses 128-bit RC4 bidirectional encryption. The HPQLOCFG utility
uses 128-bit RC4 with 160-bit SHA1 and 2048-bit RSAKeyX encryption to securely send RIBCL
scripts to iLO over the network.
Version 1.50 and later of the iLO 3 firmware supports FIPS Mode.
NOTE:
The term FIPS Mode is used in this document and in iLO to describe the feature, not its
validation status.
•
FIPS is a set of standards mandated for use by United States government agencies and
contractors.
•
FIPS Mode in iLO 3 1.50 and later is intended to meet the requirements of FIPS 140-2 level
1. This version or any other version of the iLO firmware might have this feature but might or
might not be FIPS validated. The FIPS validation process is lengthy, so not all iLO firmware
versions will be validated. For information about the current FIPS status of this or any other
version of the iLO firmware, see the following document:
Viewing encryption enforcement settings
Navigate to the Administration
→Security→Encryption page, as shown in
.
Figure 25 Security–Encryption Settings page
Configuring iLO security
59