Hi,
I'm new to this forum. Can anyone help me with this? I need to know where to get patches or updates for ESXi 4.0, 4.1, 5.1 and 5.5 for disabling SSLv2 and SSLv3.
If there are no updates available for old versions like ESXi 4.0 and 4.1, can you kindly show me how to disable SSLv2 and SSLv3 via the command line using the root account? Thanks a lot.
Hi,
For all the information you need to know about addressing the SSLv3 issues of recent months, take a look at the VMware KB article on POODLE.
The main points are under the resolution, which states that you should disable SSLv3 capability in your browser. This will not affect VMware products as they support TLS.
SSLv3 is coming up in internal scans when being audited by IT firms. It doesn't matter if the "fix" is to use a browser that doesn't use SSLv3, the problem is that these hosts are showing up like bright red flares on audit reports that get sent to boards of directors and, in regulated industries, the parent regulatory body. That has real consequences for the business.
Here's some info that may actually help others: ESXi 5.5 - Disable SSL3 : vmware
The trick is to try and find a config that will disable as many of the bad ciphers as possible while still working with VMware's own tools. I found the same config in ESXi 4.1 in /etc/vmware/hostd/config.xml
I don't know why this information is so hard to get on public forums. People throw up VMware's "It's not our problem!" KBs as a "solution" and the only ones who lose out are the customers.
Ok, so I did this in the location mentioned in the thread I linked:
<useCompression>false</useCompression>
<cipherList>TLSv1.2:+HIGH:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL</cipherList>
The hosts are running:
VMWare ESXi 4.1.0 build 1682698
/etc/vmware/hostd # esxupdate query
------Bulletin ID------- -----Installed----- -------------------Summary--------------------
hpq-esxi4.1uX-bundle-1.1 2011-03-31T11:26:48 HP ESXi 4.1 Bundle 1.1
hp-nmi-driver-1.2.02 2011-03-31T11:27:30 HP NMI Sourcing Driver for VMware ESX/ESXi 4.1
ESXi410-Update01 2012-12-26T09:04:57 VMware ESXi 4.1 Complete Update 1
ESXi410-Update02 2012-12-26T09:06:53 VMware ESXi 4.1 Complete Update 2
ESXi410-Update03 2012-12-26T09:06:53 VMware ESXi 4.1 Complete Update 3
ESXi410-201312402-BG 2014-02-04T21:11:52 Updates VMware Tools
ESXi410-201404401-SG 2014-06-23T22:06:45 Updates Firmware
vSphere Client 4.1.0 Build 799345
vCenter Server Appliance 5.5.0.30100 Build 3154314
vSphere Web Client Version 5.5.0 Build 3154316
So far I am able to connect everything just fine. I have to get a test run to see if the cipherList actually did anything. Perhaps all the components are still running because the config.xml edits didn't do anything. I'll post back if this actually did something.
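One way to run the test mentioned in the post above against a host you administer, as an added example that is not part of the original thread: it sends a bare ClientHello for each protocol version and reports whether the server answers with a ServerHello at that version. The port (443) and the six offered cipher suites are assumptions of this example, not values from the thread.

```python
import os
import socket
import struct
import sys

# Wire encoding (major, minor) of each protocol version to test.
VERSIONS = {"SSLv3": (3, 0), "TLSv1.0": (3, 1), "TLSv1.1": (3, 2), "TLSv1.2": (3, 3)}
NAMES = {v: k for k, v in VERSIONS.items()}
# Common RSA suites, old and new, so the server can pick one at any version:
# RC4-SHA, 3DES-SHA, AES128-SHA, AES256-SHA, AES128-SHA256, AES128-GCM-SHA256
SUITES = [0x0005, 0x000A, 0x002F, 0x0035, 0x003C, 0x009C]

def client_hello(version):
    """Build a minimal ClientHello record that offers exactly one version."""
    ver = bytes(VERSIONS[version])
    suites = struct.pack(">%dH" % len(SUITES), *SUITES)
    body = (ver + os.urandom(32) + b"\x00"              # version, random, no session id
            + struct.pack(">H", len(suites)) + suites   # cipher suite list
            + b"\x01\x00")                              # null compression only
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16" + ver + struct.pack(">H", len(handshake)) + handshake

def negotiated(reply):
    """Return the version named in a ServerHello, or None for an alert or close."""
    if len(reply) >= 11 and reply[0] == 0x16 and reply[5] == 0x02:
        return NAMES.get((reply[9], reply[10]))
    return None

def probe(host, port=443, timeout=5.0):
    """Map each version to True if the server agrees to speak it."""
    results = {}
    for version in VERSIONS:
        reply = b""
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.sendall(client_hello(version))
                while len(reply) < 11:
                    chunk = s.recv(11 - len(reply))
                    if not chunk:
                        break
                    reply += chunk
        except OSError:
            pass  # reset or timeout counts as "not accepted"
        results[version] = negotiated(reply) == version
    return results

if __name__ == "__main__" and len(sys.argv) > 1:
    for version, ok in probe(sys.argv[1]).items():
        print("%-8s %s" % (version, "ACCEPTED" if ok else "refused"))
```

Run it before and after editing config.xml and compare the two outputs. A "refused" line means either the protocol is off or none of the six offered suites is enabled at that version.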
Hi,
I saw your reply. I am facing same issue.
I have a request to enable TLS 1.2 on my ESXi 5.0 & vCenter Server 5.0.
How do I do that in a safe way? Please guide.
Thanks
Jitendra