09-05-2005 06:52 AM - last edited on 12-25-2012 12:27 AM by Cathy_xu
I have the following security vulnerabilities on several hundred ProLiant servers.
- SSL Server Supports Weak Encryption
- SSL Server Uses Weak Encryption
- SSL Server Has SSLv2 Enabled
- SSL Certificate - Signature Verification Failed
- SSL Certificate - Self-Signed Certificate
- SSL Certificate - Subject Common Name Does Not Match Server FQDN
All of them are caused by the HP System Management Homepage (v188.8.131.52) which listens on SSL port 2381. Is there a way to enable SSLv3 and turn off SSLv2 and also restrict access to strong encryption only?
I got stuck and it seems it is not possible to disable v2. My attempts to change the config file "C:\hp\hpsmh\conf\smhpd.conf" were without success. The file gets dumped when the SysMgmtHP service starts up. Therefore, I assume configuration settings are hard coded somewhere.
A look at the SSLCipherSuite entry shows that v2 is enabled.
This should be changed to:
P.S. This thread has been moved from ITRC server mgmt (Insight Manager 7) Forum to ITRC HP Systems Insight Manager Forum - HP Forums Moderator
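As an added example (not part of the original post and not HP's code): a small Python check that reads the SSLCipherSuite line from an Apache-style config such as the smhpd.conf mentioned above and reports which weak cipher classes it leaves enabled. The sample config and cipher strings are constructed, the function names are hypothetical, and only plain, `!`, `-` and `+` tokens are modelled, not `A+B` combinations.

```python
import re

# Cipher classes behind the scanner findings (weak encryption, SSLv2 ciphers).
WEAK_CLASSES = {"SSLv2", "EXP", "LOW", "ADH"}
ALIASES = {"EXPORT": "EXP"}
BROAD = {"ALL"}  # keywords that pull in every weak class above

def weak_classes_enabled(cipher_string):
    """Return the weak classes an OpenSSL-style cipher string leaves enabled."""
    enabled, killed = set(), set()
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        if not token:
            continue
        op = token[0] if token[0] in "!-+" else ""
        name = ALIASES.get(token[len(op):], token[len(op):])
        if "+" in name:
            continue  # AND-combination such as RC4+RSA: not modelled here
        classes = set(WEAK_CLASSES) if name in BROAD else {name} & WEAK_CLASSES
        if op == "!":      # permanent removal, cannot be re-added later
            killed |= classes
            enabled -= classes
        elif op == "-":    # removal that a later token may undo
            enabled -= classes
        elif op == "":     # plain token adds ciphers unless killed earlier
            enabled |= classes - killed
        # op == "+" only reorders ciphers that are already enabled
    return enabled

def audit_conf(text):
    """Return (line number, sorted weak classes) per active SSLCipherSuite line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*SSLCipherSuite\s+(\S.*)$", line, re.IGNORECASE)
        if m:  # commented-out directives start with '#' and do not match
            findings.append((lineno, sorted(weak_classes_enabled(m.group(1)))))
    return findings

# Constructed sample, not the poster's file.
SAMPLE_CONF = """\
# constructed sample config
#SSLCipherSuite HIGH
SSLEngine on
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
"""

if __name__ == "__main__":
    for lineno, weak in audit_conf(SAMPLE_CONF):
        print(f"line {lineno}: weak classes enabled: {weak or 'none'}")
```

Because the post reports that the file is rewritten when the service starts, run the check against the file after a restart so it reflects the effective setting.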