Accessing DRAC 4 from recent Linux distributions

Posted on 24. December 2015 by admin
  1. Make sure you have Firefox, Java Runtime Environment and Java plugin for Firefox. In Debian, you need these packages:
    • iceweasel
    • openjdk-7-jre
    • icedtea-7-plugin
  2. DRAC 4 only supports SSLv3 and TLS 1.0 but they’re disabled in recent Firefox/Iceweasel versions – you get Secure Connection Failed error. To fix it, go to about:config and set security.tls.insecure_fallback_hosts to a comma separated list of hosts you want connect to (e.g. 10.1.2.3,10.2.3.4). You can now connect and login to DRAC 4.
  3. DRAC 4 only supports SSL_RSA_WITH_RC4_128_MD5 and SSL_RSA_WITH_RC4_128_SHA cipher suites but they’re disabled in recent Java versions – you get an exception and Unknown Main-Class error if you try to open console. To fix it, enable SSL_RSA_WITH_RC4_128_MD5 cipher suite by setting
    deployment.plugin.jvm.arguments=-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
    SSL_RSA_WITH_RC4_128_MD5
    in ~/.icedtea/deployment.properties (Debian Wheezy) or ~/.config/icedtea-web/deployment.properties (Debian Jessie). Make sure everything is on single line and there are no spaces around the commas. You can also set it using itweb-settings (JVM Settings->Set JVM arguments for plugin) but there’s a bug – a backslash is prepended before equal (=) sign in deployment.properties so you have to edit the file then.
  4. Console will not open from the DRAC web interface, you have to enter URL manually (e.g. https://10.1.2.3/cgi/vkvm). You may want to bookmark it.
This entry was posted in Linux. Bookmark the permalink.