Disable SSL on management interfaces of Huawei SNS 2124 FC switches and RH 2288 V3 servers (according to PCI DSS v 3.1)

Publication Date:  2015-11-09 Views:  237 Downloads:  0
Issue Description

Issue Description

For customers in bank and finance branches version 3.1 of  Payment Card Industry (PCI) Data Security Standard DSS will take effect at June 30, 2016.

According to new version of PCI DSS

SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30 , 2016. Prior to this date, existing implementations that use SSL and/or early TLS must have a formal Risk Mitigation and Migration Plan in place. Effective immediately, new implementations must not use SSL or early TLS...”

This means, that many customers all over the World will have to quit using SSL and early TLS in their actual environments in order to pass PCI DSS certification before June 30, 2016.

Huawei FC switches and some old versions of server BMCs use SSL.
Solution

Disable SSL on SNS

To turn off SSL-encryption while connecting to SNS FC-switches management interface need to configure as follows:

 

 

 

Disable SSL on servers

The RH series servers cannot turn off SSL encryption, it’s fixed in software and you cannot modify it. But you always can upgrade the BMC version to that doesn’t use SSL.

 

Here is the list of BMC versions which do not use SSL encryption

 

NO.

Server

BMC version (and newer)

Support-E download link

1

CH121

6.11

CH121 V100R001C00SPC260

2

CH140

6.11

CH140 V100R001C00SPC260

3

CH220

6.11

CH220 V100R001C00SPC260

4

CH221

6.11

CH221 V100R001C00SPC260

5

CH222

6.11

CH222 V100R002C00SPC260

6

CH242

6.11

CH242 V100R001C00SPC260

7

RH2285H V2

7.19

RH2285H V2 V100R002C00SPC503

8

RH2288H V2

7.19

RH2288H V2 V100R002C00SPC605

9

XH320 V2

7.19

XH320 V2 V100R001C00SPC200

10

XH621 V2

7.19

XH621 V2 V100R001C00SPC200

11

RH1288 V2

7.19

RH1288 V2 V100R002C00SPC605

12

RH5885H V3

7.19

RH5885H V3 V100R003C00SPC110

13

RH5885 V3

7.16

RH5885 V3 V100R003C01SPC108

13

CH121 V3

1.82

CH121 V3 V100R001C00SPC161

14

CH140 V3

1.80

CH140 V3 V100R001C00SPC100

15

CH220 V3

1.82

CH220 V3 V100R001C00SPC161

16

CH222 V3

1.82

CH222 V3 V100R001C00SPC161

17

CH226 V3

1.80

CH226 V3 V100R001C00SPC100

18

CH242 V3

1.80

CH242 V3 V100R001C00SPC270

19

XH310 V3

1.82

XH310 V3 V100R003C00SPC300

20

XH620 V3

1.70

XH620 V3 V100R003C00SPC602

21

XH622 V3

1.70

XH622 V3 V100R003C00SPC602

22

XH628 V3

1.70

XH628 V3 V100R003C00SPC602

23

5288 V3

1.68

5288 V3 V100R003C00

24

RH1288 V3

1.82

RH1288 V3 V100R003C00SPC605

25

RH2288 V3

1.82

RH2288 V3 V100R003C00SPC608

26

RH2288H V3

1.82

RH2288H V3 V100R003C00SPC506

27

RH8100  V3

1.70

RH8100 V3 V100R003C00SPC110

28

MM910

5.12

E9000 Chassis V100R001C00SPC270

 

END