Status of TLSv1.1/1.2 Enablement and TLSv1.0 Disablement across VMware products
Article ID: 319422
Updated On:
Products
VMware
VMware Aria Suite
VMware Live Recovery
VMware vCenter Server
VMware vSphere ESXi
Issue/Introduction
Due to security concerns in the TLSv1.0 protocol, both Payment Card Industry (PCI) and BSI organizations have suggested to implement and enable TLSv1.1 or TLSv1.2, and move away from the use of TLSv1.0 as soon as possible. In this article we are providing the current status of that implementation across applicable VMware products.
Disclaimer:
- Some products or older release versions of some products may not be listed here because either there are no plans for implementing the newer TLS protocols or where TLS changes are not applicable. These products may have reached or are approaching their End of Availability (EOA) or End of Service (EOS).
- If you do not observe your product in the tables below or want to get notified in future when the implementation becomes available, please Subscribe to Document to be alerted when more information becomes available.
Environment
VMware vCenter Server 6.0.x
VMware vRealize Automation 7.0.x
VMware vSphere Replication 6.0.x
VMware vRealize Automation 7.0.x
VMware vSphere Replication 6.0.x
Resolution
From implementation perspective, TLSv1.1/1.2 enablement is always done as default whereas TLSv1.0 disablement might have been either Default (disabled by default) or through an Option (can be disabled through an option). Review the Implementation Type for TLSv1.0 Disablement to know how it has been implemented.
By design, VMware attempts to have all services communicate on the highest protocol available within and between products.
Note: For backwards compatibility and interoperability considerations, in some products, although TLSv1.0 disablement is implemented as default, there may be an option to revert that change. Check the documentation provided to know the details as applicable.
The products and their status are listed in 3 tables below.
- Product where both implementations, TLSv1.1/1.2 Enablement and TLSv1.0 Disablement, are completed.
- Products where only TLSv1.1/1.2 Enablement has been completed but TLSv1.0 Disablement is pending
- Products where both implementations, TLSv1.1/1.2 Enablement and TLSv1.0 Disablement, are pending.
Notes:
- The TLSv.1.0 Disablement Version is the first release with TLSv1.0 disabled, all subsequent releases will have this disabled by default.
- The TLSv1.1/1.2 Enablement Version is the first release with TLSv1.1/1.2 enabled always by default, all subsequent releases will have this disabled by default.
1. Product where both TLSv1.1/1.2 Enablement and TLSv1.0 Disablement are Completed
|
Product
|
TLSv1.1/1.2 Enablement (always default)
Version |
TLSv1.0 Disablement
|
Documentation
| |
|
Version
|
Implementation
Type | |||
| VMware Platform Services Controller (External) 6.x VMware Platform Services Controller Appliance (External) 6.x | 6.7 | 6.7 | Default | Managing TLS Protocol Configuration with the TLS Configurator Utility Release Notes for Platform Services Controller 6.7 |
|
6.5
|
6.5
|
Option
|
Managing TLS protocol configuration for vSphere 6.5 (2147469)
Release Notes for Platform Services Controller 6.5 | |
|
6.0 Update 3
|
6.0 Update 3
|
Option
|
Release Notes for vCenter Server 6.0 U3
| |
|
VMware Identity Manager 2.x
|
2.6
|
2.6
|
Default
|
Enabling TLS 1.0 protocol in VMware Identity Manager 2.6 (2144805)
Release Notes for VMware Identity Manager 2.6 |
|
VMware Integrated OpenStack 3.x
|
3.0
|
3.0
|
Option
|
Release Notes for VMware Integrated OpenStack 3.0
|
|
VMware vCloud Director for Service Providers 8.x
|
8.10
|
8.10
|
Option
|
Managing the List of Allowed SSL Protocols in the vCloud Director Administrator's Guide
Release Notes for VMware vCloud Director for Service Providers 8.10 |
|
VMware vCloud Availability for vCloud Director 1.x
|
1.0.1
|
1.0.1
|
Option
|
Configuring vCloud Director for Installation in the vvCloud Availability for vCloud Director Installation and Configuration Guide
Release Notes for vCloud Availability for vCloud Director 1.0.1 |
|
VMware vCloud Usage Meter 3.5
|
3.5
|
3.5
|
Default
|
Release Notes for VMware vCloud Usage Meter 3.5
|
| VMware vCloud Usage Meter 3.6 | 3.6 | 3.6 | Default | Release Notes for VMware vCloud Usage Meter 3.6 |
|
VMware vCloud Air Hybrid Cloud Manager 2.x
|
2.0
|
2.0
|
Option
|
Hybrid Cloud Manager Security Protocol (2146900)
Release Notes for VMware vCloud Air Hybrid Cloud Manager 2.0 |
|
VMware vRealize Business Advanced and Enterprise 8.x
|
8.2.4
|
8.2.4
|
Default
|
Release Notes for vRealize Business Advanced and Enterprise 8.2.4
|
|
VMware vRealize Business Standard for Cloud 7.x
|
7.1.0
|
7.1.0
|
Default
|
Enable or Disable TLS in the vRealize Business for Cloud Install Guide
Release Notes for vRealize Business Standard for Cloud 7.1.0 |
|
VMware vRealize Configuration Manager 5.x
|
5.8.2
|
5.8.3
|
Default
|
Release Notes for VMware vRealize Configuration Manager 5.8.3
Release Notes for VMware vRealize Configuration Manager 5.8.2 |
|
VMware NSX for vSphere 6.x
Includes: Manager, Controller, Endpoint, Edge. |
6.2.4
|
6.2.4
|
Option
|
Disabling Transport Layer Security (TLS) 1.0 on NSX (2145749)
Release Notes for VMware NSX for vSphere 6.2.4 |
|
VMware vCenter Server 6.x
VMware vCenter Server Appliance 6.x |
6.7
|
6.7
| Default |
Managing TLS Protocol Configuration with the TLS Configurator Utility
Release Notes for vCenter Server 6.7 |
| 6.5 | 6.5 | Option | Managing TLS protocol configuration for vSphere 6.5 (2147469) Release Notes for vCenter Server 6.5 | |
|
6.0 Update 3
|
6.0 Update 3
|
Option
|
Release Notes for vCenter Server 6.0 U3
| |
|
vCenter Server Heartbeat 6.6.x
|
6.6 Update 2
|
6.6 Update 2
|
Option
|
Configuring VMware vCenter Server Heartbeat to use only TLS2v1.1 and TLSv1.2 (2146352)
Release Notes for vCenter Server Heartbeat 6.6 Update 2 |
|
VMware vRealize Automation 7.x
|
7.0.1
|
7.1.0
|
Option
|
Disabling TLS 1.0 in vRealize Automation (2146570)
Release Notes for VMware vRealize Automation 7.1.0 Release Notes for VMware vRealize Automation 7.0.1 |
|
VMware vRealize Orchestrator 7.x
|
7.0.0
|
7.0.1
|
Default
|
Enable SSLv3 and TLSv1 for outgoing HTTPS connections in vRealize Orchestrator 6.0.4 and 7.0.x manually (2144318)
Release Notes for vRealize Orchestrator 7.0.0 Release Notes for vRealize Orchestrator 7.0.1 |
|
VMware vSphere Update Manager 6.x
|
6.5
|
6.5
|
Option
|
Managing TLS protocol configuration for vSphere 6.5 (2147469)
Release Notes for vSphere Update Manager 6.5 |
|
6.0 Update 3
|
6.0 Update 3
|
Option
|
Release Notes for vSphere Update manager 6.0 U3
| |
|
VMware vRealize Infrastructure Navigator 5.8.x
|
5.8.5
|
5.8.5
|
Option
|
Disabling TLSv1 Support in vRealize Infrastructure Navigator (2139941)
Release Notes for vRealize Infrastructure Navigator 5.8.5 |
|
VMware vCenter Support Assistant 6.x
|
6.0.2
|
6.0.2
|
Default
|
TLS protocol configuration options for vCenter Support Assistant (2146079)
Release Notes for vCenter Support Assistant 6.0.2 |
|
VMware vRealize Operations 6.2.x
|
6.2.0
|
6.2.x
|
Option
|
Disable TLS 1.0 in vRealize Operations Manager 6.2 (2138007)
Release Notes for vRealize Operations Manager 6.2.0 |
|
VMware vRealize Operations Management pack for MEDITECH 1.0
|
6.2.0
|
6.2.x
|
Option
|
Disable TLS 1.0 in vRealize Operations Manager 6.2 (2138007)
Release Notes for vRealize Operations Manager 6.2.0 |
|
VMware vRealize Operations Management pack for Epic 1.0
|
6.2.0
|
6.2.x
|
Option
|
Disable TLS 1.0 in vRealize Operations Manager 6.2 (2138007)
Release Notes for vRealize Operations Manager 6.2.0 |
|
VMware vRealize Operations Management pack for Published Applications 6.x
|
6.1.1
|
6.1.1
|
Default
|
Release Notes for VMware vRealize Operations for Published Applications 6.1.1
|
|
VMware vRealize Hyperic 5.x
|
5.8.6
|
5.8.6
|
Default
|
Release Notes for vRealize Hyperic 5.8.6
|
|
VMware vRealize Log Insight 4.x
|
4.0
|
4.0
|
Option
| |
|
VMware vRealize Log Insight 3.x
|
3.0
|
3.0
|
Option
|
Log Insight 2.5 and 3.0 cannot establish connection to remote TLSv1.1 or TLSv1.2 servers (2144162)
How to disable TLS 1.0 in vRealize Log Insight (2146305) Release Note for vRealize Log Insight 3.6 Release Note for vRealize Log Insight 3.3 Release Note for vRealize Log Insight 3.0 |
|
VMware Site Recovery Manager 6.x |
6.5
|
6.5
|
Default
|
Release Notes for Site Recovery Manager 6.5
|
|
6.1
|
6.1.1
|
Option
|
TLS Configuration Options For Site Recovery Manager 6.1.1 (2145910)
Release Notes for Site Recovery Manager 6.1 Release Notes for Site Recovery Manager 6.1.1 | |
|
VMware vSphere Replication 6.x |
6.5
|
6.5
|
Default
|
Release Notes for vSphere Replication 6.5
|
|
6.1.1 |
6.1.1 |
Option |
TLS protocol configuration options for vSphere Replication 6.1.1 (2145893)
Release Notes for vSphere Replication 6.1.1 | |
|
VMware ESXi 6.x
|
6.7
|
6.7
|
Option
|
Managing TLS Protocol Configuration with the TLS Configurator Utility
Release Notes for vSphere ESXi 6.7 |
| 6.5 | 6.5 | Option | Managing TLS protocol configuration for vSphere 6.5 (2147469) Release Notes for vSphere ESXi 6.5 | |
|
6.0 Update 3
|
6.0 Update 3
|
Option
|
Release Notes for vSphere ESXi 6.0 U3
| |
|
VMware Tools 10.x
|
10.0.0
|
10.1.0
|
Default
|
Release Note for VMware Tools 10.1.0
Release Note for VMware Tools 10.0.12 Note: TLSv1.2 is leveraged for internal communications only as VMware Tools does not use SSL based communication to other components. |
|
VMware vSAN 6.x |
6.7
|
6.7
|
Option
|
Release Notes for VMware vSAN 6.7
|
| 6.6 | 6.6 | Option | Release Notes for VMware vSAN 6.6 | |
| 6.5 | 6.5 | Option | Managing TLS protocol configuration for vSphere 6.5 (2147469) Release Notes for VMware vSAN 6.5 | |
|
6.2
|
6.2
|
Option
|
Release Notes for VMware vSAN 6.2
| |
|
VMware AppVolumes 2.x
|
2.11.0
|
2.11.0
|
Default
| |
|
VMware AppVolumes 3.x
|
3.0
|
3.0
|
Default
|
VMware AppVolumes 3.0 Installation and Administration Guide
Release Notes for VMware App Volumes 3.0 |
|
VMware vRealize Code Stream 2.x
|
2.1.0
|
2.1.0
|
Option
|
Disabling TLS 1.0 in vRealize Automation (2146570)
Release Notes for VMware vRealize Code Stream 2.1 |
|
VMware Remote Console 8.x
|
8.0
|
8.0
|
Default
|
Release Notes for VMware Remote Console 8.0
|
|
VMware vFabric tc Server 2.9.x
|
2.9.13
|
2.9.13
|
Option
|
Release Notes for vFabric tc Server 2.9
|
|
VMware Horizon for Linux 6.2.x
|
6.2.1
|
6.2.1
|
Default
|
Setting Options in Configuration Files on Linux Desktop in the Horizon 6 Version 6.2 Guide
Release Notes for VMware Horizon 6 version 6.2.1 |
|
VMware Horizon Client 4.x
|
4.0.1
|
4.0.1
|
Option
|
Configure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for iOS
Configure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for Android Configure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for Mac OS X Configure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for Linux Configure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for Windows Release Notes for VMware Horizon Client 4.1 for iOS Release Notes for VMware Horizon Client 4.1 for Android Release Notes for VMware Horizon Client 4.1 for Mac OS X Release Notes for VMware Horizon Client 4.1 for Linux Release Notes for VMware Horizon Client 4.1 for Windows |
|
VMware Horizon View 7.x
|
7.0
|
7.0
|
Default
|
Configuring security protocols on components to connect the View Client with desktops (2130798)
Release Notes for VMware Horizon View 7.0 |
|
VMware Horizon View 6.x
|
6.2.1
|
6.2.1
|
Default
|
Configuring security protocols on components to connect the View Client with desktops (2130798)
Release Notes for VMware Horizon View 6.2.1 |
|
VMware Horizon Air 16.x
|
16.6.0
|
16.6.0
|
Option
| |
|
Horizon Daas 7.0
|
7.0.0
|
7.0.0
|
Default
|
Release Notes for VMware Horizon DaaS 7.0
|
|
VMware Mirage
|
5.7
|
5.7
|
Option
| |
|
VMware Horizon Air Hybrid-mode 1.x
|
1.0
|
1.0
|
Default
|
Change the Security Protocols and Cipher Suites Used for TLS or SSL Communication in VMware Horizon Air Hybrid-Mode 1.0 Administration Guide
Configuration Settings for System Settings and Server Certificates in VMware Horizon Air Hybrid-Mode 1.0 Administration Guide Release Notes for VMware Horizon Air Hybrid-mode 1.0 |
|
VMware Software Manager - Download Server
|
1.3
|
1.3
|
Default
|
Enable SSLv3 or TLSv1 in the VMware Software Manager - Download Service User Guide.
Release Notes for VMware Software Manager 1.3 |
|
VMware Photon OS
|
1.0
|
1.0
|
Option
|
Disabling TLS 1.0 to Improve Transport Layer Security in the Photon OS Administration Guide
|
|
VMware Continuent 5.x
Includes: Analytics and Big Data, Cluster, Disaster Recovery, Replication |
5.0
|
5.0
|
Default
|
Release Notes for VMware Software Manager 5.0
|
|
VMware vSphere Big Data Extension 2.3.x
|
2.3.2
|
2.3.2
|
Option
|
Release Notes for vSphere Big Data Extension 2.3
|
|
NSX-T
|
1.1
|
1.1
|
Default
|
Release Notes for NSX-T 1.1
|
|
vCenter Chargeback Manager
|
2.7.2
|
2.7.1
|
Default
|
Release Notes for Chargeback Manager 2.7.2
|
|
VMware Network Insight 3.x
|
3.3
|
3.3
|
Default
|
Release Notes for VMware Network Insight 3.3
|
2. TLSv1.1/1.2 Enablement Completed and TLSv1.0 Disablement Pending
As the products are released with both implementations done, they will be moved from this section to the top table; however, products and their availability are subject to change, and may remain in this table.
</u>
| Product | TLSv1.1/1.2 Enablement (always default) Version | TLSv1.0 Disablement Planned Version | Documentation |
| VMware vCenter Converter Standalone 6.x | 6.1.1 | (Pending) | VMware vCenter Converter Standalone User's Guide (Page 40) Release Notes for VMware vCenter Converter Standalone 6.1.1 |
| VMware Fusion 8.x | 8.0.0 | (Pending) | Release Notes for VMware Fusion 8 |
| VMware Workstation Pro/Player 12.x | 12.0.0 | (Pending) | Release Notes for VMware Workstation 12 Pro Release Notes for VMware Workstation 12 Player |
| VMware vSphere Data Protection 6.1.x | 6.14 | (Pending) | Release Notes for Data Protection 6.1.4 |
3. TLSv1.1/1.2 Enablement Pending and TLSv1.0 Disablement Pending
As the products are released with both implementations done, they will be moved from this section to the top table; however, products and their availability are subject to change, and may remain in this table.
| Product | TLSv1.1/1.2 Enablement (always default) Planned Version | TLSv1.0 Disablement Planned Version | Documentation |
| VMware Photon Controller 1.x | (Pending) | (Pending) |
(Pending) |
| Bitfusion 3.0 | 3.5 | 3.5 | (Pending) |
Additional Information
Configure PCoIP security protocols and cipher suites for Horizon 7 components
Enabling the TLSv1.1 and TLSv1.2 protocols for PowerCLI
How to disable TLS 1.0 and 1.1 in vRealize Operations Manager 6.x
Disabling TLSv1 Support in vRealize Infrastructure Navigator
Log Insight 2.5 and 3.0 cannot establish connection to remote TLSv1.1 or TLSv1.2 servers
How to enable SSLv3 and TLSv1 for outgoing HTTPS connections manually in vRealize Orchestrator
Enabling TLS 1.0 protocol in VMware Identity Manager
Disabling TLS 1.0 on Windows systems
How to disable Transport Layer Security (TLS) 1.0 on NSX
TLS protocol configuration options for vSphere Replication 6.1.1
TLS Configuration Options For Site Recovery Manager 6.1.1 and later
TLS protocol configuration options for vCenter Support Assistant
How to disable TLS v1.0 in vRealize Log Insight
Configuring VMware vCenter Server Heartbeat to use only TLS2v1.1 and TLSv1.2
Disabling TLS 1.0 in vRealize Automation
Disabling TLS 1.0 in Horizon Air Appliances
Hybrid Cloud Manager Security Protocol
Managing TLS protocol configuration for vSphere 6.5
VMware 製品での TLSv1.1/1.2 有効化と TLSv1.0 無効化のステータス
VMware 产品中的 TLSv1.1/1.2 启用和 TLSv1.0 禁用的状态
Managing TLS protocol configuration for vSphere 6.0 Update 3
Managing the TLS protocol configuration for Update Manager 6.0 Update 3 and Update Manager 6.5
Feedback
Yes
No
Powered by
