1 Reply Latest reply on Apr 26, 2018 6:01 AM by lhoffer

    vServer support for TLS 1.0 1.1 1.2

    vmmed1 Novice

      What determines if a vServer listening at port 443/SSL and configured with a certificate supports TLS 1.0? Is that something endemic to the certificate itself? Or is that set elsewhere?

        • 1. Re: vServer support for TLS 1.0 1.1 1.2
          lhoffer Hot Shot
          vExpert, VMware Employees

          Assuming you're referring to virtual servers on an edge load balancer, this would be determined by the cipher(s) you select in the application profile.

          As of NSX 6.2.4, SSLv3 and TLS 1.0 are both disabled by default, so I usually just tell folks that if you want both TLS 1.1 and 1.2 support, you can choose the default (to enable all ciphers) or any specific ciphers you want. If, on the other hand, you want to only support 1.2, select only the ciphers that don't use SHA-1 (so select only the ciphers that end in SHA256 or SHA384). There are actually a few ECDH-based ciphers in TLS 1.2 that do use SHA-1 as well, so if you're interested, I'd encourage you to check out the NSX-v 6.4 - Load Balancing ToI guide. This is discussed in further detail starting on slide 77.
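
The selection rule from the reply above, as an added example (not part of the original thread and not NSX code): a Python check that takes the cipher names chosen for an application profile and reports whether TLS 1.1 is still reachable through a SHA-1 suite. The cipher names are constructed OpenSSL-style samples, and `classify` and `audit_profile` are hypothetical helper names.

```python
import re

# Suites whose name ends in SHA256/SHA384 were defined for TLS 1.2
# (RFC 5246, RFC 5288, RFC 5289) and are not negotiated by TLS 1.1 or earlier.
TLS12_ONLY = re.compile(r"[-_]SHA(256|384)$")
# Suites ending in SHA/SHA1/MD5 predate TLS 1.2 and also work on older versions.
LEGACY = re.compile(r"[-_](SHA1?|MD5)$")


def classify(cipher):
    """Return 'tls1.2-only', 'legacy' or 'unknown' for one suite name."""
    name = cipher.strip().upper()
    if TLS12_ONLY.search(name):
        return "tls1.2-only"
    if LEGACY.search(name):
        return "legacy"
    return "unknown"  # e.g. CHACHA20-POLY1305 or CCM names: review by hand


def audit_profile(ciphers, enabled=("TLSv1.1", "TLSv1.2")):
    """Report which enabled protocol versions the selected suites can negotiate.

    `enabled` defaults to what remains when SSLv3 and TLS 1.0 are disabled,
    the default the reply describes for NSX 6.2.4 and later (assumption:
    no other protocol restriction is configured).
    """
    kinds = {c: classify(c) for c in ciphers}
    legacy = sorted(c for c, k in kinds.items() if k == "legacy")
    unknown = sorted(c for c, k in kinds.items() if k == "unknown")
    reachable = []
    for version in enabled:
        if version == "TLSv1.2":
            usable = bool(kinds)    # TLS 1.2 can negotiate any selected suite
        else:
            usable = bool(legacy)   # older versions need a legacy (SHA-1) suite
        if usable:
            reachable.append(version)
    return {"reachable": reachable, "legacy": legacy, "unknown": unknown}


# Constructed sample selections (OpenSSL-style names, not copied from NSX).
MIXED = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA", "AES128-SHA256"]
STRICT = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
          "AES256-SHA256"]

if __name__ == "__main__":
    for label, profile in (("mixed", MIXED), ("strict", STRICT)):
        print(label, audit_profile(profile))
```

The `legacy` list in the result names the suites to deselect when the goal is a TLS 1.2-only virtual server; in `MIXED` that is the ECDHE suite with a SHA-1 MAC, the kind of exception the reply mentions.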