UPDATE: Since writing this article in November it does not appear this fix works anymore. I am guessing the AES/3DES ciphers have been deprecated in modern browsers. I can confirm David’s comment using Internet Explorer mode in Microsoft Edge does work.
To enable IE mode, launch edge and type edge://settings/defaultBrowser in the address bar. From the Allow sites to be reloaded in Internet Explorer mode drop-down, select Allow.
Navigate to your iLO URL, select the three dots in the top right (Settings), and pick Reload in Internet Explorer mode from the menu. Edge will remember this setting on each subsequent visit.
If you are trying to connect a modern browser such as Microsoft Edge to HPe’s Integrated Lights Out 3 (iLO 3) management interface, you may receive the following error and be blocked from accessing the iLO webpage.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH Unsupported protocol The client or server don't support a common SSL protocol version or cipher suite.
To resolve this error, I recommend ensuring you are on the latest iLO 3 firmware from HPe. At the time of writing, 1.94 was the latest HPe firmware for iLO 3 (released Dec 17, 2020). Firmware can be updated in several ways, including uploading the BIN file via the iLO webpage or online from any number of operating systems, including Windows, Linux, and VMware. Also, refer to the HPe documentation on how to upgrade your firmware.
Once you have the latest firmware, log into the iLO webpage from an older browser, such as Internet Explorer. Then, from the left navigation menu, expand Administration and select Security.
From the Security page, select the Encryption tab.
Then, under the Encryption Enforcement Settings section, toggle the Enforce AES/3DES Encryption dropdown to Enabled.
Click Apply.
Once you have applied this setting, you should then be able to connect to iLO with any modern web browser including Microsoft Edge.
Have you run into this error before? What did you do to fix it? Drop a comment below or join the conversation on Twitter @SuperTekBoy.
Hi all,
Since writing this article in November it does not appear this fix works anymore. I am guessing even the AES/3DES ciphers have now been deprecated in modern browsers.
That said, I can confirm David’s recommendation of using Microsoft Edge, and launching the iLO site in Internet Explorer Mode does work. I will update the article with his recommendation in the coming days.
Anyone found a fix for this? Chrome never worked and now Firefox with the latest update won’t allow access anymore. Tried the settings above to no avail. The only way to get HTTP access is via my iPhone!
I’ve got two DL380 G7’s with iLO3 and the latest 1.94 firmware. I’ve forced AES/3DES and cannot connect to them with Edge anymore. I get a ‘ERR_SSL_VERSION_OR_CIPHER_MISMATCH’ error. I can open them in IE still. I know G7’s are EoL but it would be nice if HP would fix this.
Hi Andrew,
Looks like you are using the exact same server, iLO, and firmware I have.
Are you using the latest version of Edge? Once you made the change, did you log out, close all Edge browsers, and log back in?
Can anyone direct me how ot enable HTTP management? Currently the HTTP address is redirecting to HTTPS and I cant locate the setting to adjust this. My ILO is for internal lab use only so I dont care about HTTP vs HTTPS.
I am having the exact same issue. Same server model, firmware, etc. Ran the fix and tried Bjorn’s suggested command below, but the SSH console said the setting was already configured that way.
yup..same issue
UPDATE – I found when using MS Edge, if I use the three dots in the top right and choose “open in internet explorer mode” then it works as expected.
Unrelated, has anyone found a way to use the ILO remote console without the timeout due to not having a valid license?
Thanks for the tip David on the Internet Explorer mode.
Hai
If you run into this issue and yout unable to login to the https and http is disabeld conttect using ssh and run this command :
set /map1/config1 oemhp_enforce_aes=yes
thanks!
Thanks for the great tip Bjorn!
“conttect using ssh and run this command”
How can I do this?
Thanks
If you are running ILO3 1.94, you can just SSH via port 22. It takes about a minute for it to ask for creds though, at least if you are doing it via putty.
Unfortunately, this still does not fix the “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” error on any modern browsers as it forces the cipher to be “DHE_RSA_WITH_AES_128_CBC_SHA”, which is not quite good enough anymore. More information on that here: https://ciphersuite.info/cs/TLS_DHE_RSA_WITH_AES_128_CBC_SHA/
Thankfully I have an old version of Firefox 45 ESR lying around which works fine when trying to manage via HTTPS.