HTTP Webserver (http/ securedirect=enabled servicestate=disabled) |
Redirect Connection to HTTPS |
Redirect Connection to HTTPS |Enabled
|Disabled
When the HTTP Webserver property is set to Redirect Connection
to HTTPS, the service state property for HTTPS Webserver is automatically enabled.
These default property values instruct Oracle ILOM to use HTTPS to
securely transmit information to the web server.
When the HTTP Webserver property is set to enabled, Oracle
ILOM uses HTTP, a non-encrypted protocol, to transmit information
to the web server.
When the HTTP Webserver property is set to disabled, transmitting
information to the web server using HTTP is disabled in Oracle ILOM.
CLI Syntax for HTTP Web Server:
set /SP|CMM/services/http securedirect=enabled|disabled servicestate=disabled|enabled |
HTTP Port
(http/ port=) |
80 |
80 |User_defined
When the HTTP service state is enabled, Oracle ILOM, by default, communicates
with the web server using HTTP over TCP port 80. If necessary, the
default port number can be changed.
CLI Syntax for HTTP Port:
set /SP|CMM/services/http port=<n> |
HTTP Session Timeout
(http/ sessiontimeout=) |
15 seconds |
15 seconds |User_defined
The HTTP web session timeout determines how many minutes until
an inactive web browser client is automatically logged out. The
default HTTP web session timeout is 15 minutes. If necessary, the
default session timeout value can be increased or decreased.
CLI Syntax for HTTP Session Timeout:
set /SP|CMM/services/http sessiontimeout=<n> |
HTTPS Webserver (https/ servicestate=enabled) |
Enabled |
Enabled |Disabled
When the HTTPS Webserver property is enabled, Oracle ILOM uses the encrypted protocol HTTPS
to securely transmit information. In addition, when this property is
enabled, you can enable one or more of the supported encryption
protocol properties (TLSv1, TLSv1.1, and TLSv1.2) based on the needs
of your network environment.
When the HTTPS Webserver property is set to disabled,
transmitting information to the web server using HTTPS is
disabled in Oracle ILOM.
CLI Syntax for HTTPS Web Server:
set /SP|CMM/services/https servicestate=enabled|disabled |
HTTPS Port
(https/ port=) |
443 |
443 |User_defined
When the HTTPS service state is enabled, Oracle ILOM, by default, communicates
with the web server using HTTPS over TCP port 443. If necessary,
the default port number can be changed.
HTTPS Port CLI Syntax:
set /SP|CMM/services/https port=<n> |
HTTPS Session Timeout
(https/sessiontimeout=) |
15 seconds |
15 seconds |User_defined
The HTTPS web session timeout determines how many minutes
until an inactive web browser client is automatically logged out.
The default HTTPS web session timeout is 15 minutes. If necessary,
the default session timeout value can be increased or decreased.
CLI Syntax for HTTPS Session Timeout:
set /SP|CMM/services/https sessiontimeout=<n> |
SSLv2
(https/ sslv2=disabled) |
Disabled (in older Oracle ILOM firmware versions) |
Disabled |Enabled
Note -
In later versions of Oracle ILOM firmware (3.2.4.x, 3.2.5.x,
3.2.6.x and forward), the SSLv2 encryption protocol property is
not available for configuration. If an older firmware version of
Oracle ILOM is running on the managed device, disable the SSLv2
property and enable the TLS encryption protocol properties to
ensure secure HTTPS data transmissions.
The SSLv2 property is disabled by default. If necessary, the
default SSLv2 property can be enabled.
CLI Syntax for SSLv2:
set /SP|CMM/services/https sslv2=disabled|enabled |
SSLv3
(https/ sslv3=enabled) |
Enabled (in older Oracle ILOM firmware versions) |
Disabled |Enabled (default)
Note -
Due to a security vulnerability discovered with SSLv3, the
SSLv3 property is not available for configuration in later
versions of Oracle ILOM firmware (3.2.4.x, 3.2.5.x, 3.2.6.x, and
forward). If an older firmware version of Oracle ILOM is running
on the managed device, you should disable the SSLv3 property and
enable the TLS encryption protocol properties. For details about
SSLv3 vulnerabilities, refer to the Oracle MOS SSLv3 Vulnerability
Article.
To enable the strongest secure socket layer encryption, Oracle
ILOM supports the use of SSLv3 and TLS.
CLI Syntax for SSLv3:
set /SP|CMM/services/https sslv3=enabled|disabled |
TLS v1.0, v1.1, and v1.2
(https/ tlsv#=enabled) |
TLS v1.1 and v1.2 Enabled
Prior to firmware release 3.2.4, Oracle ILOM only supported TLS
v1.0. |
Enabled |Disabled
Transport Layer Security (TLS) protocols provide communication security over the Internet.
Enabled — When the TLS properties are enabled, Oracle ILOM
supports the use of the enabled TLS protocol service. However, if
the client does not support the enabled protocol, Oracle ILOM
permits the client to negotiate and use the strongest (most-secure)
client-supported protocol available.
Disabled — When a TLS property is disabled, Oracle ILOM is
prevented from using the disabled TLS protocol to transmit
information. As of Oracle ILOM 3.2.8, TLSv1 is disabled and TLSv1.1
and TLSv1.2 are enabled by default.
For more information about TLS encryption protocols, see Internet
specifications (RFCs 2246, 4346, 5246) created and published by the
Internet Engineering Task Force (IETF).
Note -
All Java versions support TLS v1.1 and v1.2. However, if a
version prior to Java 7u131 is installed, you will need to
manually enable TLS v1.1 and v1.2, or update your system with
a later Java version.
CLI Syntax for TLSv1:
set /SP|CMM/services/https (tlsv1=|tlsv1_1=|tlsv1_2=)enabled|disabled |
Weak Ciphers
(https/ weak_ciphers=disabled) |
Disabled (in older Oracle ILOM firmware versions) |
Disabled |Enabled
Note -
In later versions of Oracle ILOM firmware (3.2.4.x, 3.2.5.x,
3.2.6.x and forward), the weak cipher property is not available
for configuration. If an older firmware version of Oracle ILOM
is running on the managed device, disable the weak cipher
property and enable the TLS (v1, v2, and v3) encryption
protocol properties to ensure secure HTTPS data transmissions.
The Weak Ciphers property is disabled by default. It might
be necessary to enable weak ciphers to support the use of older
web browsers.
CLI Syntax for Weak Ciphers:
set /SP|CMM/services/https weak_ciphers=disabled|enabled |
Save |
|
Web interface – To apply changes made to properties within the Web Server Settings
page, you must click Save. |
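
The hardening guidance in the table above, as an added example that is not part of the Oracle documentation: a Python helper that reads web server properties written in the table's `http/ key=value` notation and returns the `set` commands needed to turn off plain HTTP, SSLv2, SSLv3 and weak ciphers and to turn on TLS v1.1 and v1.2. The input format, the sample values, the baseline (which follows the 3.2.8 defaults by also disabling TLS v1.0) and the enable-before-disable ordering are assumptions of this example.

```python
import re

# Assumed baseline derived from the table. Enables are listed before disables
# so HTTPS with TLS is available before the legacy options are switched off.
BASELINE = [
    ("https", "servicestate", "enabled"),
    ("https", "tlsv1_1", "enabled"),
    ("https", "tlsv1_2", "enabled"),
    ("https", "sslv2", "disabled"),
    ("https", "sslv3", "disabled"),
    ("https", "weak_ciphers", "disabled"),
    ("https", "tlsv1", "disabled"),       # default as of Oracle ILOM 3.2.8
    ("http", "servicestate", "disabled"),
]

# Matches lines such as "https/ sslv3=enabled" (the table's notation).
LINE = re.compile(r"^\s*(https?)/\s*(\w+)\s*=\s*(\S+)\s*$")

# Constructed sample describing an older-firmware device; not real output.
SAMPLE_OLD_FIRMWARE = """
http/ servicestate=enabled
https/ servicestate=enabled
https/ sslv2=disabled
https/ sslv3=enabled
https/ tlsv1=enabled
https/ tlsv1_1=disabled
https/ tlsv1_2=enabled
https/ weak_ciphers=enabled
"""

def parse(text):
    """Return {(service, property): value} for every recognised line."""
    props = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            props[(m.group(1), m.group(2))] = m.group(3).lower()
    return props

def remediation(text, target="/SP"):
    """Return the set commands that bring the listed properties to BASELINE.

    Properties missing from the input are skipped, because sslv2, sslv3 and
    weak_ciphers are not configurable on firmware 3.2.4.x and later.
    """
    if target not in ("/SP", "/CMM"):
        raise ValueError("target must be /SP or /CMM")
    props = parse(text)
    return [f"set {target}/services/{svc} {key}={want}"
            for svc, key, want in BASELINE
            if props.get((svc, key)) not in (None, want)]
```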