We recently began connecting the IPMI/remote access cards in our server farm. The remote access cards are a separate ethernet port that is always on, even when the server is powered off. You can connect in to this interface using your web browser to monitor the server’s status and issue minimal commands, such as power on and open a remote console. Because most of our servers are based on the Dell PowerEdge 1950 and PowerEdge 2950, they are running some slightly-older cards, the Dell DRAC 5.
The most important use for this is the remote console, the ability to connect and use your system as if you were sitting right in front of it. The problem begins with Java, like usual. The remote console relies on Java and due to Dell considering the DRAC 5 to be end of life, hasn’t given it a firmware update in several years.
Over the past few years, many advances in security have taken place. As of the time of this post, the latest and greatest is TLS v1.2, with SSLv3 considered deprecated and insecure. The problem is that these old cards still want to use SSLv3 and do not support TLS. To top it off, the newer versions of Java are defaulted with SSLv3 disabled. Even after adding our URLs to the whitelist, we could not get the console to open because of the error “Error when reading from SSL socket connection”.
Fortunately, Java still offers a way to resolve these problems. First, make sure your DRAC address is added to the whitelist in your Java control panel under the “Security” tab.
Next, we will manually have to edit the java.security file to enable SSLv3. On Windows 7 with Java 1.8u60, this file can be found in C:\Program Files (x86)\Java\jre1.8.0_60\lib\security\java.security.
Search for the parameter “jdk.tls.disabledAlgorithms”. Simply comment it out by adding a pound sign in front of it (#). Save your file and relaunch your remote access console from the DRAC 5 interface. You should be able to connect successfully!
Please remember that, while this fixes your connection problem, you just told Java that it’s okay to use what is considered an insecure cipher. Once you finish your remote session, we highly recommend reactivating the setting in your java.security file.