DRAC 5 Remote Console on Fedora

It seems like every time I try to access the remote console on one of my old DRAC 5's, something fails. The latest failure was kind of new and I didn't find any blog posts specifically discussing it, so I'm writing one. The error was the classic "Error when reading from ssl socket connection". But the usual fixes didn't work.

Normally this is caused by new Java security settings. As Java disables insecure encryption methods, old applications like the remote console stop working. Fortunately, it is possible to re-enable those protocols. In my case, that would be done by editing /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.162-3.b12.fc26.x86_64/jre/lib/security/java.security and editing or commenting out the jdk.certpath.disabledAlgorithms, jdk.jar.disabledAlgorithms, and jdk.tls.disabledAlgorithms settings. According to a post on the Dell forums, the protocols used by the remote console are SSLv3, RC4, and MD5withRSA. The usual disclaimer applies here: These were disabled for a reason and re-enabling them could potentially open you up to exploits. I don't care because the remote console is the only thing I use Java for.

However, this time the fix didn't work for me. I ripped out all the disabledAlgorithms that I could and still got errors. Well, it turns out Fedora has added another security file that also needs to be edited. It can be found at /etc/crypto-policies/back-ends/java.config. The same keys as mentioned above are in that file and need to be edited in the same way. Once I did that, I was able to get remote access to my servers again.