UPDATE: Since writing this article in November it does not appear this fix works anymore. I am guessing the AES/3DES ciphers have been deprecated in modern browsers. I can confirm David’s comment using Internet Explorer mode in Microsoft Edge does work.
To enable IE mode, launch edge and type edge://settings/defaultBrowser in the address bar. From the Allow sites to be reloaded in Internet Explorer mode drop-down, select Allow.
Navigate to your iLO URL, select the three dots in the top right (Settings), and pick Reload in Internet Explorer mode from the menu. Edge will remember this setting on each subsequent visit.
If you are trying to connect a modern browser such as Microsoft Edge to HPe’s Integrated Lights Out 3 (iLO 3) management interface, you may receive the following error and be blocked from accessing the iLO webpage.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH Unsupported protocol The client or server don't support a common SSL protocol version or cipher suite.
To resolve this error, I recommend ensuring you are on the latest iLO 3 firmware from HPe. At the time of writing, 1.94 was the latest HPe firmware for iLO 3 (released Dec 17, 2020). Firmware can be updated in several ways, including uploading the BIN file via the iLO webpage or online from any number of operating systems, including Windows, Linux, and VMware. Also, refer to the HPe documentation on how to upgrade your firmware.
Once you have the latest firmware, log into the iLO webpage from an older browser, such as Internet Explorer. Then, from the left navigation menu, expand Administration and select Security.
From the Security page, select the Encryption tab.
Then, under the Encryption Enforcement Settings section, toggle the Enforce AES/3DES Encryption dropdown to Enabled.
Click Apply.
Once you have applied this setting, you should then be able to connect to iLO with any modern web browser including Microsoft Edge.
Have you run into this error before? What did you do to fix it? Drop a comment below or join the conversation on Twitter @SuperTekBoy.
Claudio Gabriel Pera says
thank you, was my solution.
Andreas says
Works for me using current Firefox, and security.tls.version.min set to 2.
I can even use the Java Remote Console using Web Start.
mitchd123 says
Thank you all, I wasted so much time on this. The IE solution in Edge works best for me because on Win 11 I have the .Net Framework installed, which allows me to do remote console. HUGE THANK YOU!
Nathan Martin says
just bumping here as there is a really simple solution to this… sorry if its been posted
On ANY version of firefox:
enter “about:config” as your url
Accept warnings
Search for “tls”
change “security.tls.version.enable-deprecated” to “true”
possibly change “security.tls.version.min” to “1” or “1.2” but probably best not too
Enjoy
GMax says
Thanks dude, that was the solution in my use case.
Claudio Gabriel Pera says
thank you, additional at the article was my solution. many thanks
Mike McCormick says
Windows 10>control panel>internet options>advanced – scroll down to the Security section and turn on tls 1.0 1.2…etc whatever is needed. Then run ILO from edge browser – should now work…will still get a warning “this is not a secure site” as you should…next click on ‘more information’ arrow and then click “go to the webpage (not recomm..). This should let you access older versions of hpe ilo from the MS edge browser
stephen says
i navigate to the page like in the screenshot and this use to work for me before i didnt use my server for a while and had to reset the ilo, however now the setting is greyed out in the box and it wont let me click it to disable it even though i have admin perms
Mike says
In Firefox “about:config”, set “security.tls.version.min” to 2 to re-enable TLS 1.1. (Set it to 1 for TLS 1.0 if needed for ILO 2 or something else.)
Mike McCormick says
this will get you in to ILO but not able to run remote console with out MS edge for the first two remote console choices and the other two choices are not worth using…..IMO
Evgeny says
Setting security.tls.version.enable-deprecated=true made it work for me in Firefox 103.0.2 on Linux.
Gareth Gudger says
Hi all,
Since writing this article in November it does not appear this fix works anymore. I am guessing even the AES/3DES ciphers have now been deprecated in modern browsers.
That said, I can confirm David’s recommendation of using Microsoft Edge, and launching the iLO site in Internet Explorer Mode does work. I will update the article with his recommendation in the coming days.
Paolo says
Anyone found a fix for this? Chrome never worked and now Firefox with the latest update won’t allow access anymore. Tried the settings above to no avail. The only way to get HTTP access is via my iPhone!
Andrew Butterworth says
I’ve got two DL380 G7’s with iLO3 and the latest 1.94 firmware. I’ve forced AES/3DES and cannot connect to them with Edge anymore. I get a ‘ERR_SSL_VERSION_OR_CIPHER_MISMATCH’ error. I can open them in IE still. I know G7’s are EoL but it would be nice if HP would fix this.
Gareth Gudger says
Hi Andrew,
Looks like you are using the exact same server, iLO, and firmware I have.
Are you using the latest version of Edge? Once you made the change, did you log out, close all Edge browsers, and log back in?
David says
Can anyone direct me how ot enable HTTP management? Currently the HTTP address is redirecting to HTTPS and I cant locate the setting to adjust this. My ILO is for internal lab use only so I dont care about HTTP vs HTTPS.
David says
I am having the exact same issue. Same server model, firmware, etc. Ran the fix and tried Bjorn’s suggested command below, but the SSH console said the setting was already configured that way.
Colin says
yup..same issue
David says
UPDATE – I found when using MS Edge, if I use the three dots in the top right and choose “open in internet explorer mode” then it works as expected.
Unrelated, has anyone found a way to use the ILO remote console without the timeout due to not having a valid license?
Gareth Gudger says
Thanks for the tip David on the Internet Explorer mode.
VaughnR says
I cant seem to find internet explorer mode in Edge … is that not included on macOS version of Edge?
Harish says
Hai
Bjorn says
If you run into this issue and yout unable to login to the https and http is disabeld conttect using ssh and run this command :
set /map1/config1 oemhp_enforce_aes=yes
Colin says
thanks!
Gareth Gudger says
Thanks for the great tip Bjorn!
Mathias says
“conttect using ssh and run this command”
How can I do this?
Thanks
Joe says
If you are running ILO3 1.94, you can just SSH via port 22. It takes about a minute for it to ask for creds though, at least if you are doing it via putty.
Unfortunately, this still does not fix the “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” error on any modern browsers as it forces the cipher to be “DHE_RSA_WITH_AES_128_CBC_SHA”, which is not quite good enough anymore. More information on that here: https://ciphersuite.info/cs/TLS_DHE_RSA_WITH_AES_128_CBC_SHA/
Thankfully I have an old version of Firefox 45 ESR lying around which works fine when trying to manage via HTTPS.
Bruno Mourato says
This is the only solution right now. At least for me… Downloaded a portable version of firefox 45. Thank you.