This is a backport of PR #8533 as merged into main (0d50131d5ea8f1e82948b47daa4828432e5ddacf).
SUMMARY
Adds an option for ciphers to the redfish modules and aligns with the ciphers option of the ansible.builtin.uri and community.crypto.get_certificate modules.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
redfish_command
redfish_config
redfish_info
ADDITIONAL INFORMATION
I use Ansible to manage various device types (e.g. PDUs, BMCs, etc.) that only support legacy ciphers and/or do not support >2048 bit certificates. For some of these devices, depending on the Ansible controller, the redfish modules were experiencing a handshake failure, though I could still interact with them using CLI or GUI web browsers (curl, Chrome, Firefox).
Without manually setting ciphers (example endpoint uses 2048 bit cert, TLSv1.2 / ECDHE-RSA-AES256-SHA, cannot be changed):
TASK [community.general.redfish_info] ************************************************************************************************************************************************************************************************************
fatal: [REDACTED]: FAILED! => {"changed": false, "msg": "URL Error on GET request to 'https://REDACTED/redfish/v1/': '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1007)'"}
After manually setting ciphers to "HIGH":
Relevant task:
Ansible controller properties: