curl: (35) OpenSSL/3.0.13: error:0A00014D:SSL routines::legacy sigalg disallowed or unsupported Failed to retrieve key. Wrong password or banned?

[OverStyleFR]

Hi, i have this issue !

Can someone help me ? I don't think there is something on the README.md to help me with that.

I really want to use KVM console on my Linux (Debian 12) !

[markusdd]

see if this gives you a clue.

I cannot do any testing as I do not have access to any legacy ilo machines anymore

https://github.com/markusdd/ilo-utils/pull/4

[OverStyleFR]

Mhm, so my problem can't be fix ?

[markusdd]

Not by me anyway.

Please look at the other open issue and the pull request I linked, most likely the fix will be derating the security settings before connecting.

These old ilo machines use extremely outdated crypto standards so with each new distribution it will require more workarounds, even more what I have already built in.

[OverStyleFR]

I looked the pull request you linked, but i don't understand how to set the security level to 0

[OverStyleFR]

Ok my bad, i downgrade the level of security

But, a another problem :

When i launch the script, it will connecte and launch the KVM console, but close instantly...

[OverStyleFR]

If can help :

[markusdd]

it literally says what the problem is: it cannot download the proper jar file for the console.

So either your ilo is outdated and you should update your machine, or HP at some point released something newer and the name has changed (unlikely, as ilo 3 is discontinued).

If you try to start the java console via the web you should be able to see with your browser what the proper name is, you then need to patch the script here https://github.com/markusdd/ilo-utils/blob/0a9382b0514be168e9800c8a30928317f4aadcb9/ilo-console.sh#L33

[OverStyleFR]

Okay, so i checked but...

It's the correcte name..

<?xml version="1.0" encoding="UTF-8"?><jnlp spec="1.0+" codebase="https://192.168.1.30/" href=""><information><title>Integrated Remote Console</title><vendor>HPE</vendor><offline-allowed></offline-allowed></information><security><all-permissions></all-permissions></security><resources><j2se version="1.5+" href="http://java.sun.com/products/autodl/j2se"></j2se><jar href="https://192.168.1.30/html/intgapp3_231.jar" main="false" /></resources><property name="deployment.trace.level property" value="basic"></property><applet-desc main-class="com.hp.ilo2.intgapp.intgapp" name="iLOJIRC" documentbase="https://192.168.1.30/html/java_irc.html" width="1" height="1"><param name="RCINFO1" value="4b929b7dabb24b7f155e55ed8513af1d"/><param name="RCINFOLANG" value="en"/><param name="INFO0" value="7AC3BDEBC9AC64E85734454B53BB73CE"/><param name="INFO1" value="17988"/><param name="INFO2" value="composite"/></applet-desc><update check="background"></update></jnlp>

<jar href="https://192.168.1.30/html/intgapp3_231.jar"

[markusdd]

so if you installed the proper Java 8 via the script and also followed all other settings as described then I am not sure what is missing. it should start downloading it.

[OverStyleFR]

so if you installed the proper Java 8 via the script and also followed all other settings as described then I am not sure what is missing. it should start downloading it.

Yep, i execute the bas-install script and the generate-ilo-sript. But seams not works for me :(

[markusdd]

then you need to do some manual debugging, like e.g. trying to download the jar via curl and see if that works etc.

As said: no chance for me to reproduce, I have no such machines anymore.

[OverStyleFR]

That's work

[OverStyleFR]

There is a way to use the .jar i just downloaded and use it to run the KVM console ? (i don't know if this is understandable)

[markusdd]

the ilo-console.sh script is using hte downloaded .jar but if you look into it you will see it is a bit more complicated than just running the .jar.

You can only try to cross-check if all TLS settings etc are correct and maybe try to connect with other users who are still actively using this project.