Command to Disable insecure TLS/SSL protocol suppo...

billvel · ‎07-29-2019

Hi Guys,

Need help on this:

1. How to Disable insecure TLS/SSL protocol support on ESXi 6.5

Configure the server to require clients to use TLS version 1.2 using Authenticated Encryption with Associated Data (AEAD) capable ciphers.

2. Disable SSLv2, SSLv3, and TLS 1.0. The best solution is to only have TLS 1.2 enabled on ESXi 6.5

There is no server-side mitigation available against the BEAST attack. The only option is to disable the affected protocols (SSLv3 and TLS 1.0). The only fully safe configuration is to use Authenticated Encryption with Associated Data (AEAD), e.g. AES-GCM, AES-CCM in TLS 1.2.

birend1988 · ‎07-29-2019

Refer below KB's to disable TLS,

VMware Knowledge Base

Disable TLS Versions on ESXi Hosts

VCIX, NCAP

All

Command to Disable insecure TLS/SSL protocol support on ESXi 6.5