Understanding the security features of HPE OneView > Algorithms for securing the appliance

  

 next

Algorithms for securing the appliance

  • SSL/TLS

    See Supported cipher suites

  • Local user passwords:

    SHA-256 Hashing algorithm with 8 bit Salt and 1000 iterations are used to hash the password

  • One-time Password mechanism (for administrator password reset and Hewlett Packard Enterprise support)

    • S/KEY one-time password mechanism

  • Backup files:

    Backup files are encrypted with keys supplied by Hewlett Packard Enterprise.

    Hewlett Packard Enterprise recommends that you encrypt backup files with an encryption key that you generate to ensure confidentiality and the integrity of the backup file.

    Other passwords are encrypted using 128-bit Blowfish.

  • Support dumps:

    Encryption: 128-bit AES

    Hash: SHA-256

    The AES key is encrypted separately using 2,048-bit RSA.

  • Updates:

    Not encrypted; digitally signed using SHA-256 and 2,048-bit RSA

The following SSL cipher suites are enabled on the HPE OneView appliance web server. The cipher suites support the connection among the browser, other clients, and the appliance.

Supported cipher suites

SSL Cipher suite SSL/TLS version Kx Au Enc Mac

ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2

ECDH

RSA

AESGCM(256)

AEAD

ECDHE-RSA-AES256-SHA384

TLSv1.2

ECDH

RSA

AES(256)

SHA384

ECDHE-RSA-AES128-GCM-SHA256

TLSv1.2

ECDH

RSA

AESGCM(128)

AEAD

ECDHE-RSA-AES128-SHA256

TLSv1.2

ECDH

RSA

AES(128)

SHA256

DHE-RSA-AES256-GCM-SHA384

TLSv1.2

DH

RSA

AESGCM(256)

AEAD

DHE-RSA-AES256-SHA256

TLSv1.2

DH

RSA

AES(256)

SHA256

DHE-RSA-AES128-GCM-SHA256

TLSv1.2

DH

RSA

AESGCM(128)

AEAD

DHE-RSA-AES128-SHA256

TLSv1.2

DH

RSA

AES(128)

SHA256

AES256-GCM-SHA384

TLSv1.2

RSA

RSA

AESGCM(256)

AEAD

AES256-SHA256

TLSv1.2

RSA

RSA

AES(256)

SHA256

AES128-GCM-SHA256

TLSv1.2

RSA

RSA

AESGCM(128)

AEAD

AES128-SHA256

TLSv1.2

RSA

RSA

AES(128)

SHA256

ECDHE-RSA-AES256-CBC-SHA

TLSv1.0 / TLSv1.1 / TLSv1.2

ECDH

RSA

AES(256)

SHA1

ECDHE-RSA-AES128-CBC-SHA

TLSv1.0 / TLSv1.1 / TLSv1.2

ECDH

RSA

AES(128)

SHA1

ECDHE-RSA-3DES-CBC-SHA

TLSv1.0 / TLSv1.1 / TLSv1.2

ECDH

RSA

3DES

SHA1

DHE-RSA-3DES-EDE-CBC-SHA

TLSv1.0 / TLSv1.1 / TLSv1.2

DH

RSA

AES(256)

SHA1

DHE-RSA-AES-128-CBC-SHA

TLSv1.0 / TLSv1.1 / TLSv1.2

DH

RSA

AES(128)

SHA1

DHE-RSA-AES-256-CBC-SHA

TLSv1.0 / TLSv1.1 / TLSv1.2

DH

RSA

AES

SHA1

AES128-CBC

TLSv1.0 / TLSv1.1 / TLSv1.2

RSA

RSA

AES128

SHA1

AES256-CBC

TLSv1.0 / TLSv1.1 / TLSv1.2

RSA

RSA

AES128

SHA1

3DES-EDE-CBC

TLSv1.0 / TLSv1.1 / TLSv1.2

RSA

RSA

3DES

SHA1

The following SSL cipher suites are enabled on the HPE OneView appliance RabbitMQ server. The cipher suites support the connection among the RabbitMQ clients of the appliance.

{dhe_rsa,aes_256_cbc,sha256},
{dhe_dss,aes_256_cbc,sha256},
{rsa,aes_256_cbc,sha256},
{dhe_rsa,aes_128_cbc,sha256},
{dhe_dss,aes_128_cbc,sha256},
{rsa,aes_128_cbc,sha256},
{dhe_rsa,aes_256_cbc,sha},
{dhe_dss,aes_256_cbc,sha},
{rsa,aes_256_cbc,sha},
{dhe_rsa,aes_128_cbc,sha},
{dhe_dss,aes_128_cbc,sha},
{rsa,aes_128_cbc,sha},
{rsa,rc4_128,sha},
{rsa,rc4_128,md5}

prev

 

up

 next

Controlling access to the appliance console 

home

 Files you can download from the appliance

Copyright © 2013-2016 Hewlett Packard Enterprise Development LP