VMware Cloud Community
mvrk
Enthusiast
Enthusiast
‎04-26-2016 03:32 PM
Jump to solution

ESXi 6 / vCenter 6 - SSLv3

Hi,

Is there a possibility (like in 5.5u3b) to reenable SSLv3 on port 443 for ESXi 6.0 and vCenter 6.0 ?

Reply
0 Kudos
1 Solution

Accepted Solutions
mvrk
Enthusiast
Enthusiast
‎04-26-2016 03:52 PM
Jump to solution

Just found the solution for ESXi 6.0 :

Authd - Port 902

esxcli system settings advanced set -o /UserVars/VMAuthdDisabledProtocols -s ""

Hostd - rhttpproxy - Port 443

esxcli system settings advanced set -o /UserVars/ESXiRhttpproxyDisabledProtocols -s ""


/etc/init.d/rhttpproxy restart

And for vCenter 6.0 :

/etc/vmware-rhttpproxy/config.xml

Edit the file to add or remove <sslOptions>16924672</sslOptions> to enable or disable SSLv3 respectively:

<vmacore>
...

<ssl>
...
<sslOptions>16924672</sslOptions>
</ssl>

...

</vmacore>


/etc/init.d/vmware-rhttpproxy restart

View solution in original post

Reply
0 Kudos
2 Replies
mvrk
Enthusiast
Enthusiast
‎04-26-2016 03:52 PM
Jump to solution

Just found the solution for ESXi 6.0 :

Authd - Port 902

esxcli system settings advanced set -o /UserVars/VMAuthdDisabledProtocols -s ""

Hostd - rhttpproxy - Port 443

esxcli system settings advanced set -o /UserVars/ESXiRhttpproxyDisabledProtocols -s ""


/etc/init.d/rhttpproxy restart

And for vCenter 6.0 :

/etc/vmware-rhttpproxy/config.xml

Edit the file to add or remove <sslOptions>16924672</sslOptions> to enable or disable SSLv3 respectively:

<vmacore>
...

<ssl>
...
<sslOptions>16924672</sslOptions>
</ssl>

...

</vmacore>


/etc/init.d/vmware-rhttpproxy restart

Reply
0 Kudos
wgentrycni
Contributor
Contributor
‎05-16-2016 01:04 PM
Jump to solution

odd question.. would restarting rhttpproxy cause any downtime?

Reply
0 Kudos