Use TLS Configurator utility to enable or disable TLS Versions on ESXi Hosts.
Starting with vSphere 6.7, the TLS Configurator utility is included in the product. You no longer download it separately.
Ref - https://kb.vmware.com/s/article/2147469
Ref- https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-BDCE47DD-8AD2-4C9...
*Note:
Ensure that any products or services associated with the ESXi host can communicate using TLS 1.1 or TLS 1.2. For products that communicate only using TLS 1.0, connectivity is lost.
- To disable TLS 1.2, and enable only TLS 1.1 on an individual host, run the following command.
[ /usr/lib/vmware-TlsReconfigurator/EsxTlsReconfigurator ]# ./reconfigureEsx vCenterHost -h <ESXi_Host_Name> -u <vCenter_Administrative_User> -p TLSv1.1
or (on an standalone ESXi host)
[ /usr/lib/vmware-TlsReconfigurator/EsxTlsReconfigurator ]# ./reconfigureEsx ESXiHost -h <ESXi_Host_Name> -u root -p TLSv1.1
- Once completed, the hosts will be flagged for reboot , reboot the ESXi host to complete the TLS protocol changes.