Welcome to the new Schneider Electric Community

It's your place to connect with experts and peers, get continuous support, and share knowledge.

  • Explore the new navigation for even easier access to your community.
  • Bookmark and use our new, easy-to-remember address (community.se.com).
  • Get ready for more content and an improved experience.

Contact SchneiderCommunity.Support@se.com if you have any questions.

Close
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
84573members
353846posts

AP5610 SSL configuration.

APC UPS Data Center & Enterprise Solutions Forum

Schneider Electric support forum for our Data Center and Business Power UPS, UPS Accessories, Software, Services, and associated commercial products designed to share knowledge, installation, and configuration.

Solved
BillP
Administrator Administrator
Administrator
0 Likes
2
178

AP5610 SSL configuration.

This question was originally posted by Ian on APC forums on 5/12/2016


Hi,

I have several AP5610 KVM's running 01.03.30.00 firmware.  I need to disable SSLv2 in addition to disabling weak cipher suites.  Is there a way to do this on this model through a firmware update or configuration change?

Thanks,

- Ian


Accepted Solutions
BillP
Administrator Administrator
Administrator
0 Likes
0
178

Re: AP5610 SSL configuration.

This reply was originally posted by Angela on APC forums on 7/8/2016


Hi Ian,

Yes, look at KVM2116P as the closest replacement. Our latest firmware brought TLS 1.2 and because it is our current model, we will be continuing to make enhancements. I think our next release will remove RC4 ciphers (I can't recall if it was done in the TLS 1.2 release but I don't think so) and also make the default SSL cert SHA-2 (but you can use OpenSSL with these to make whatever type of cert you want anyway) and we will continue to make any other security updates on this model as needed.

The only problem is that the KVM2116P does not support the server modules/dongles or cascaded analog KVMs that AP5610 does. They are a completely different family and unfortunately there is no backwards/forwards compatibility with one minor exception of the Rack PDU cables - AP5641. That is a shared cable between the two. If you upgrade the KVM, then you'd need to upgrade any of the server modules/dongles unfortunately.

Let me know if you have any other questions.

See Answer In Context

2 Replies 2
BillP
Administrator Administrator
Administrator
0 Likes
0
178

Re: AP5610 SSL configuration.

This reply was originally posted by Ian on APC forums on 7/8/2016


Hi Angela,

I was able to console into the KVM, but I did not see any relevant settings.  I checked under Network and Security Configuration.

If we need to replace this model, do you know what new models would support these settings and ideally TLS v1.2?

Thanks,

- Ian

BillP
Administrator Administrator
Administrator
0 Likes
0
179

Re: AP5610 SSL configuration.

This reply was originally posted by Angela on APC forums on 7/8/2016


Hi Ian,

Yes, look at KVM2116P as the closest replacement. Our latest firmware brought TLS 1.2 and because it is our current model, we will be continuing to make enhancements. I think our next release will remove RC4 ciphers (I can't recall if it was done in the TLS 1.2 release but I don't think so) and also make the default SSL cert SHA-2 (but you can use OpenSSL with these to make whatever type of cert you want anyway) and we will continue to make any other security updates on this model as needed.

The only problem is that the KVM2116P does not support the server modules/dongles or cascaded analog KVMs that AP5610 does. They are a completely different family and unfortunately there is no backwards/forwards compatibility with one minor exception of the Rack PDU cables - AP5641. That is a shared cable between the two. If you upgrade the KVM, then you'd need to upgrade any of the server modules/dongles unfortunately.

Let me know if you have any other questions.