Unsolved
1 Rookie
•
32 Posts
0
1073
November 19th, 2019 14:00
Disable SSL in VSM 5.0.1
Is there a way to disable SSLv2, SSLv3, TLSv1 in the Virtual Storage Manager? I have the latest version 5.0.1 installed.
I imagine I could do it in Centos if I could break out of the config menu that appears when you log in to the console or over SSH. Any way to do that?
My next attempt will be to shut down the VM, attach the vmdk to a different Linux VM, mount it read-write, and modify the config files manually...
No Events found!
dwilliam62
4 Operator
•
1.5K Posts
0
November 19th, 2019 21:00
Hello,
There is no supported way to disabling those protocols and insure proper functionality with vSphere. If you do decide to modify files, and have issues later, please make sure you inform them of the changes you made.
Regards,
Don
amunter
1 Rookie
•
32 Posts
0
November 20th, 2019 08:00
OK. Got it. It's fair to tell support if I ever call them.
I booted to an Ubuntu install ISO and mounted the hard drive.
I went in and edited /opt/vmware/etc/lighttpd/lighttpd.conf and down near the bottom I added:
ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1.2, TLSv1.3")
Now when I go to https://vsm:443/ and look at the security tab I see that I'm connecting over TLSv1.2 and vCenter also seems to be fine with it. Not sure yet if that eliminated SSLv2 and SSLv3, but I'm cautiously optimistic.
dwilliam62
4 Operator
•
1.5K Posts
0
November 20th, 2019 09:00
Hello,
Glad it worked for you. I tend to be very cautious since I once experienced after upgrading ESXi nodes, a change in protocol settings meant that the older vCenter would not connect to the upgraded ESXi nodes. Granted I should have upgraded vCenter first.
Regards,
Don