Skip to content

Add per-target legacy RSA key exchange support#205

Open
Yukk1o wants to merge 1 commit into
mrlhansen:masterfrom
Yukk1o:feature/legacy-rsa-kex
Open

Add per-target legacy RSA key exchange support#205
Yukk1o wants to merge 1 commit into
mrlhansen:masterfrom
Yukk1o:feature/legacy-rsa-kex

Conversation

@Yukk1o

@Yukk1o Yukk1o commented Jul 14, 2026

Copy link
Copy Markdown

Summary

Add an optional allow_legacy_rsa_kex setting for Redfish endpoints that only
support TLS 1.2 cipher suites using legacy RSA key exchange.

The option is disabled by default and only enables:

  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384

Example:

hosts:
  192.0.2.1:
    username: user
    password: pass
    allow_legacy_rsa_kex: true

Tested successfully with an H3C UniServer R4950 G5 running HDM firmware 3.57.

- Add auth config support for allowing legacy RSA key exchange
- Document the new setting in the sample configuration
@Yukk1o Yukk1o marked this pull request as draft July 14, 2026 00:48
@Yukk1o Yukk1o closed this Jul 14, 2026
@Yukk1o Yukk1o reopened this Jul 14, 2026
@Yukk1o Yukk1o marked this pull request as ready for review July 14, 2026 00:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant