My virtual machine environment is a Dell Poweredge 2950 that I got from a good friend a long time back now. It’s got a pair of Xeons in it, and runs relatively quiet, so it’s some excellent virtualization hardware. I’ve got it running Xen 4.9 on Ubuntu 18.04 now, and that’s excellent.
Things were running great on 16.04, but I wanted the newer version of xen to be able to
take advantage of the usb features in xl. This required an upgrade.
Now this is my domain 0, so I need it to be up to do anything. My mail server runs on it.
Fortunately, the server comes with an iDRAC which is basically an IP
KVM. Unfortunately, it only works on old SSLv3 protocols, and there’s no upgrade opportunity.
Hooray proprietary hardware, right?
In the past, I had always just modified my /etc/java/security file to not disable SSLv3
and then switched it back when I was done. This is annoying, though, and error prone.
I probably should’ve paid more attention to this xkcd when I built a docker container
to handle all the legacy SSL stuff for me.
Although, if I do it yearly, and I spent less than 5 hours on it, and it saves me the 30+ minutes of remembering how to actually connect to the damn thing, I might have done it right.
I’ve also jumped on the Gitlab boat with this one, because Microsoft just bought Github, and I’m none too pleased with that.
https://gitlab.com/dkowis/idrac-old-java-container/tree/master
Basically, you can clone this repo, tweak the exception.sites file and fire it up.
It will open up a firefox that’s running firefox ESR 32-bit, and has the java plugin on it.
Then the iDRAC console runs on that old java, in that container, but everything looks like
it’s on your host system, and makes it nice and securely insecure.
Hope this helps someone else who’s annoyed by having to use old java, and old insecure protocols.