Connexion à vSphere 5.5 depuis Windows 2003

Logo Windows Server 2003

Si comme certains de nos clients vous vivez un peu dans la nostalgie en conservant Windows 2003 comme .. un vieux doudou tout miteux mais précieux quand même .. et que vous avez besoin de vous connecter à vSphere 5.5 , vous allez être embêté : c’est compliqué sans appliquer un bon vieux patch.

Le fichier précieux recherché est nommé 351387_FRA_i386_zip.exe , il a pour référence de hotfix Fix192447

Voici – en anglais dans le texte – la description de ce qu’il affecte :

This update adds support for the following Advanced Encryption Standard (AES) cipher suites in the Schannel.dll module for Windows Server 2003:
TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA
TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA

Note These cipher suites are based on the RC4 algorithm.

OpenSSL supports several 128-bit and 256-bit AES cipher suites. OpenSSL is used in most open software products on Unix systems. For example, OpenSSL is used in Sendmail, Postfix, Firefox, and Thunderbird. Currently, the only 128-bit cipher suite that is mutually available is RC4. There is no 256-bit cipher available.

If customers set the high cipher strength option in OpenSSL for their software product, OpenSSL disables all 128-bit ciphers. In this case, Windows-based systems cannot negotiate by using Transport Layer Security (TLS) because there are no mutually supported cipher suites. Therefore, there is usually an interoperability issue between Microsoft Exchange Server and the Postfix server, or there is an interoperability issue between Exchange Server and the Sendmail server. To work around this issue, you must use a weaker cipher and weaker cipher strength.

With this update, you can support 128-bit and 256-bit cipher suites without Cryptography Next Generation (CNG). This update lets you use greater cipher strength. It also fixes the interoperability issue between the Exchange server and the Sendmail server and between the Exchange server and the Postfix server.

Pour le télécharger, c’est par là.

Note: si vous cherchez à faire cela sur Windows XP, c’est aussi possible mais c’est au niveau de l’hyperviseur qu’il faut changer la configuration comme le décrit la KB 2049143 de VMware.

Pensez à changer de version de Windows un jour ;-)

Tags: , ,