A Docker-based SSL/TLS proxy that enables modern browsers to connect to old Dell iDRAC6 interfaces by translating between modern and legacy SSL/TLS protocols.
iDRAC6 uses extremely outdated SSL/TLS:
- SSLv3 / TLS 1.0
- Weak ciphers (3DES, RC4, etc.)
- Self-signed certificates
Modern browsers reject these connections with ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
This proxy:
- Uses OpenSSL 1.0.2u with SSLv3 support explicitly enabled
- Accepts TLS 1.2+ from your modern browser
- Connects to iDRAC6 using SSLv3/TLS 1.0
- Proxies all traffic transparently
Your Browser (TLS 1.2+) → Proxy (translation) → iDRAC6 (SSLv3/TLS 1.0)
https://localhost:8443 https://192.168.1.21:443
Single iDRAC:
docker run -d \
--name idrac-proxy \
-p 8443:8443 \
-e IDRAC_HOST=192.168.1.21 \
-e IDRAC_PORT=443 \
--restart unless-stopped \
ghcr.io/skylord123/docker-idrac6-proxy:latestThen access: https://localhost:8443
Multiple iDRACs:
# iDRAC 1
docker run -d \
--name idrac1-proxy \
-p 8443:8443 \
-e IDRAC_HOST=192.168.1.21 \
ghcr.io/skylord123/docker-idrac6-proxy:latest
# iDRAC 2
docker run -d \
--name idrac2-proxy \
-p 8444:8443 \
-e IDRAC_HOST=192.168.1.22 \
ghcr.io/skylord123/docker-idrac6-proxy:latest- Download docker-compose.yml:
wget https://raw.githubusercontent.com/skylord123/docker-idrac6-proxy/main/docker-compose.yml- Edit your iDRAC IP:
environment:
- IDRAC_HOST=192.168.1.21 # ← Change this to your iDRAC IP- Start the proxy:
docker compose up -d- Access iDRAC:
Open your browser to
https://localhost:8443and accept the certificate warning.
- Clone the repository:
git clone https://github.com/skylord123/docker-idrac6-proxy.git
cd docker-idrac6-proxy- Edit docker-compose.yml to build locally:
services:
idrac-proxy:
# Comment out the image line
# image: ghcr.io/skylord123/docker-idrac6-proxy:latest
build: . # Uncomment this line- Configure your iDRAC IP in docker-compose.yml:
environment:
- IDRAC_HOST=192.168.1.21 # ← Change this- Build and start:
docker compose build # Takes 5-10 minutes
docker compose up -d- Access iDRAC:
Open your browser to
https://localhost:8443
Edit docker-compose.yml:
environment:
- IDRAC_HOST=10.0.1.100 # Your iDRAC IP
- IDRAC_PORT=443Then restart:
docker compose restartEdit docker-compose.yml:
ports:
- "9443:8443" # Access via port 9443
environment:
- PROXY_PORT=8443 # Keep internal port as 8443Then access via https://localhost:9443
Create multiple service entries in docker-compose.yml:
services:
idrac1-proxy:
build: .
container_name: idrac1-proxy
ports:
- "8443:8443"
environment:
- IDRAC_HOST=192.168.1.21
idrac2-proxy:
build: .
container_name: idrac2-proxy
ports:
- "8444:8443"
environment:
- IDRAC_HOST=192.168.1.22docker logs idrac-proxyLook for:
OpenSSL version: OpenSSL 1.0.2u- Confirms legacy OpenSSLlistening on AF=2 0.0.0.0:8443- Proxy is running- SSL connection messages when you access it
From your host, verify the iDRAC is reachable:
# Basic connectivity
ping 192.168.1.21
# Check if HTTPS port is open
nc -zv 192.168.1.21 443# Test what SSL/TLS versions the iDRAC supports
docker exec idrac-proxy /opt/openssl-legacy/bin/openssl s_client \
-connect 192.168.1.21:443 -ssl3"Connection refused"
- Check that your iDRAC IP is correct
- Verify the iDRAC is powered on and accessible
"SSL handshake failed"
- The iDRAC might be using an even more restricted protocol
- Check the logs for specific SSL errors
Browser shows "This site can't provide a secure connection"
- Make sure you're using
https://nothttp:// - The proxy only speaks SSL/TLS
Still getting certificate errors after accepting
- Clear your browser cache
- Try a different browser
- Check docker logs for backend connection errors
Pre-built Docker images are automatically published to GitHub Container Registry on every release:
- Latest stable:
ghcr.io/skylord123/docker-idrac6-proxy:latest - Specific version:
ghcr.io/skylord123/docker-idrac6-proxy:v1.0.0 - Branch builds:
ghcr.io/skylord123/docker-idrac6-proxy:branch-feature-name
Images are built for both linux/amd64 and linux/arm64 platforms.
-
OpenSSL 1.0.2u with:
enable-ssl3- SSLv3 supportenable-ssl3-method- SSLv3 methodsenable-weak-ssl-ciphers- Old ciphers (3DES, RC4, etc.)
-
socat 1.7.4.4 linked against the custom OpenSSL
Frontend (Browser → Proxy):
- TLS 1.2+ (modern protocols)
- Modern cipher suites
- Self-signed certificate (you'll see a warning)
Backend (Proxy → iDRAC6):
- SSLv3 / TLS 1.0 / TLS 1.1
- ALL ciphers enabled (including weak ones)
- Certificate verification disabled
Modern OpenSSL (1.1.1+) has SSLv3 and many old ciphers completely removed from the codebase. By compiling OpenSSL 1.0.2u from source with explicit legacy options, we get full support for the ancient protocols iDRAC6 requires.
- SSLv3 has known vulnerabilities (POODLE, etc.)
- Weak ciphers can be broken
- Certificate validation is disabled
Only use this on isolated management networks. Never expose to the internet.
This is a necessary evil for accessing legacy hardware that can't be updated.
Dockerfile- Builds OpenSSL 1.0.2u and socat from sourcedocker-compose.yml- Service configurationentrypoint.sh- Proxy startup scriptREADME.md- This file
MIT - Use at your own risk for managing legacy hardware.
Docker images are automatically built and published to GitHub Container Registry:
- Master/Main branch →
:latesttag - Release tags (e.g.,
v1.0.0) →:v1.0.0and:latesttags - Other branches →
:branch-<branch-name>tag - Multi-architecture support (amd64, arm64)
See .github/workflows/docker-publish.yml for the build configuration.
If this still doesn't work:
- Check
docker logs idrac-proxyfor errors - Verify your iDRAC IP is correct
- Try accessing iDRAC directly from the container:
docker exec -it idrac-proxy /opt/openssl-legacy/bin/openssl s_client \ -connect 192.168.1.21:443 -ssl3 -showcerts - Open an issue with:
- Docker version
- Host OS
- Full error logs
- Output from the OpenSSL test above
- OpenSSL team for maintaining the 1.0.2 branch
- socat developers for the flexible relay tool
- Dell for... making hardware that lasts decades (even if the software doesn't)