Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition

Asset ID: 1-71-1676792.1
Update Date:2018-03-06

Solution Type  Technical Instruction Sure

Solution  1676792.1 :   Does ILOM support SHA-2 for SNMP connections?  


Related Items
  • SPARC T4-2
  • SPARC T4-4
  • SPARC T4-1
Related Categories
  • PLA-Support>Sun Systems>SPARC>CMT>SN-SPARC: T4

In this Document
Goal
Solution
References


Created from <SR 3-9032136821>

Applies to:

SPARC T4-2 - Version Not Applicable to Not Applicable [Release N/A]
SPARC T4-4 - Version Not Applicable to Not Applicable [Release N/A]
SPARC T4-1 - Version Not Applicable to Not Applicable [Release N/A]
Information in this document applies to any platform.
Applies to all Service Processors (SPs) of Oracle servers running ILOM 3.x

Goal

 SNMPv3 supports cryptographic security. Does ILOM support SHA-2 for more secure SNMP connections?

Solution

The ILOM Browser User Interface (BUI) has used SHA-2 for its SSL certificate since ILOM 3.1.x, but only SHA-1 is used for SNMP connections, as the help output for an SNMP user shows:

-> help /SP/services/snmp/users/test/

/SP/services/snmp/users/test : SNMP user
   User role required for create/delete = u

   Targets:

   Properties:
       authenticationpassword : SNMP user authentication password
       authenticationpassword : User role required for set = u

       authenticationprotocol : SNMP user authentication protocol
       authenticationprotocol : Possible values = MD5, SHA
       authenticationprotocol : User role required for set = u

       permission : SNMP user permission
       permission : Possible values = ro, rw
       permission : User role required for set = u

       privacypassword : SNMP user privacy password
       privacypassword : User role required for set = u

       privacyprotocol : SNMP user privacy protocol
       privacyprotocol : Possible values = none, DES, AES
       privacyprotocol : User role required for set = u

SHA-2 has not been implemented so far because only a few SNMP managers currently support it. As an alternative, the specifications allow SNMPv3 to be authenticated and encrypted by running it over SSH, or over TLS and DTLS.
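
The check below is an added example, not part of the original Oracle document: it parses the help output shown above, reports whether any SHA-2 authentication value is offered, and picks the strongest settings the firmware does offer. The SHA-2 value names, the preference order and the function names are assumptions; ILOM 3.x lists only MD5 and SHA.

```python
import re

# Help text as printed on this page for /SP/services/snmp/users/test (ILOM 3.x).
HELP_OUTPUT = """\
       authenticationprotocol : SNMP user authentication protocol
       authenticationprotocol : Possible values = MD5, SHA
       privacyprotocol : SNMP user privacy protocol
       privacyprotocol : Possible values = none, DES, AES
"""

# Assumed names for SHA-2 values in a later firmware; ILOM 3.x lists none of them.
SHA2_NAMES = ["SHA512", "SHA384", "SHA256", "SHA224"]
AUTH_PREFERENCE = SHA2_NAMES + ["SHA", "MD5"]   # strongest first
PRIV_PREFERENCE = ["AES", "DES", "none"]        # strongest first
WEAK = {"authenticationprotocol": {"MD5"}, "privacyprotocol": {"NONE", "DES"}}


def _norm(value):
    """Compare names case-insensitively and ignore hyphens (SHA-256 == SHA256)."""
    return value.upper().replace("-", "")


def possible_values(help_text):
    """Map each property to the list of values the firmware offers for it."""
    pattern = r"^\s*(\w+)\s*:\s*Possible values\s*=\s*(.+)$"
    return {m.group(1): [v.strip() for v in m.group(2).split(",")]
            for m in re.finditer(pattern, help_text, re.M)}


def strongest(offered, preference):
    """Return the offered value that ranks highest in the preference list."""
    by_norm = {_norm(v): v for v in offered}
    return next((by_norm[_norm(p)] for p in preference if _norm(p) in by_norm), None)


def audit(help_text):
    """Summarise what an SNMPv3 user on this firmware can and should be set to."""
    offered = possible_values(help_text)
    auth = offered.get("authenticationprotocol", [])
    priv = offered.get("privacyprotocol", [])
    avoid = [f"{prop}={v}" for prop in WEAK
             for v in offered.get(prop, []) if _norm(v) in WEAK[prop]]
    return {"sha2_available": any(_norm(v) in SHA2_NAMES for v in auth),
            "best_auth": strongest(auth, AUTH_PREFERENCE),
            "best_priv": strongest(priv, PRIV_PREFERENCE),
            "avoid": avoid}


if __name__ == "__main__":
    print(audit(HELP_OUTPUT))
```

For the output on this page the audit reports no SHA-2 support and selects SHA with AES, so the SSH, TLS or DTLS transports mentioned above remain the route to stronger protection.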

References

<BUG:15714531> - SUNBT7043450 SHA-2 AUTHENTICATION PROTOCOL NEED TO BE SET AS CUST RQST FOR SNMP
<BUG:15666670> - SUNBT6981957-TRUNK MODIFY ILOM SNMP V3 TO SUPPORT AES ENCRYPTION
<BUG:15734230> - SUNBT6991280-3.1 ILOM BUI SSL CERT SIGNED WITH WEAK MD5 CIPHER
<BUG:15734235> - SUNBT6991280-3.1_SP01 ILOM BUI SSL CERT SIGNED WITH WEAK MD5 CIPHER
<BUG:15734234> - SUNBT6991280-TRUNK ILOM BUI SSL CERT SIGNED WITH WEAK MD5 CIPHER

Attachments
This solution has no attachment
  Copyright © 2018 Oracle, Inc.  All rights reserved.