Operational Defect Database
BugZero found this defect 122 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Hewlett Packard Enterprise | a00137073en_us
Advisory: HPE OneView 8.60 or Earlier - Qualys Security and Other Security Scanners Will Report Their Security Findings as "Weak SSL/TLS Key Exchange"
Last update date:
1/19/2024
Affected products:
HPE OneView
Affected releases:
HPE OneView
Fixed releases:
No fixed releases provided.
Description:
Info
In HPE OneView 8.60 or earlier, when FIPS mode is enabled and GCM ciphers are enforced, Qualys or other security scanner may report that ciphers "ECDHE-RSA-AES256-GCM-SHA384" and "ECDHE-RSA-AES128-GCM-SHA256" implement a "Weak SSL/TLS Key Exchange".
Scope
Any HPE OneView 8.60 or earlier.
Resolution
This issue is resolved in HPE OneView 8.7. Upgrade to OneView 8.70 or later to correct this issue. RECEIVE PROACTIVE UPDATES : Receive support alerts (such as Customer Advisories), as well as updates on drivers, software, firmware, and customer replaceable components, proactively in your e-mail through HPE Support Alerts. Sign up for Support Alerts at the following URL: HPE Email Preference Center. NAVIGATION TIP: For hints on navigating HPE.com to locate the latest drivers, patches and other support software downloads, refer to the Navigation Tips document. SEARCH TIP: For hints on locating similar documents on HPE.com, refer to the Search Tips document.
