Enabling TLS 1.0 or TLS 1.1 for VMware Cloud Director 10.4
Article ID: 320449

Products

VMware Cloud Director

Issue/Introduction

TLS 1.0 and TLS 1.1 are disabled by default in VMware Cloud Director 10.4.
If a customer has integrated components which require these versions, the steps below re-enable the older protocol versions.

Environment

VMware Cloud Director 10.x

Resolution

This is expected behaviour in VMware Cloud Director 10.4 as TLS 1.0 and TLS 1.1 are disabled by default at a Java and Cloud Director level.

Workaround:
To enable TLS 1.0 or TLS 1.1 at the Java and Cloud Director levels, follow the steps below.
  1. SSH to a Cloud Director cell.
  2. Navigate to the security directory.
       cd /opt/vmware/vcloud-director/jre/conf/security
  3. Back up and then edit java.security using the editor of your choice.
  4. Locate the line that starts with "jdk.tls.disabledAlgorithms=".
  5. Remove the entries corresponding to the protocols you wish to re-enable.
     Example: change
       jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
     to
       jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, \
     This will enable TLSv1.1.
  6. Save the file and exit.
  7. Use /opt/vmware/vcloud-director/bin/cell-management-tool ssl-protocols to enable the protocol in Cloud Director's configuration.
    1. Using /opt/vmware/vcloud-director/bin/cell-management-tool ssl-protocols -d TLSv1 will reset the disallowed list to disallow TLSv1 only, enabling TLSv1.1 as in the example above.
  8. Once you have made the required Java and Cloud Director changes, restart the Cloud Director service.
       service vmware-vcd restart
  9. Repeat on all cells.
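
The java.security edit from the workaround above, scripted as an added example that is not VMware tooling or code from this article: enable_protocol backs the file up and removes one entry by whole-token match (so removing TLSv1 leaves TLSv1.1 alone), and disabled_algs lists what is still disabled, which helps when re-checking a cell after an upgrade. The function names and the sample file contents are assumptions constructed for illustration; the script works on a temporary file, not the cell's own java.security.

```shell
#!/bin/sh
# Added example, not VMware tooling; function names are hypothetical.
PROP='jdk.tls.disabledAlgorithms'

# List every entry of the property, one per line, following "\" continuations.
disabled_algs() {  # usage: disabled_algs FILE
    awk -v prop="$PROP" '
        index($0, prop "=") == 1 { inprop = 1; $0 = substr($0, length(prop) + 2) }
        inprop {
            more = sub(/\\$/, "")              # trailing backslash: value continues
            n = split($0, tok, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", tok[i])
                if (tok[i] != "") print tok[i]
            }
            inprop = more
        }' "$1"
}

# Back up FILE to FILE.bak, then drop exactly one entry (e.g. TLSv1.1).
# Entries are compared as whole tokens, so TLSv1 never matches TLSv1.1.
# Returns non-zero if the entry is still listed afterwards.
enable_protocol() {  # usage: enable_protocol FILE PROTO
    cp -p "$1" "$1.bak" || return 1
    awk -v prop="$PROP" -v p="$2" '
        { head = "" }
        index($0, prop "=") == 1 { inprop = 1; head = prop "="; $0 = substr($0, length(head) + 1) }
        inprop {
            more = ($0 ~ /\\$/); out = ""; sep = ""
            n = split($0, tok, ",")
            for (i = 1; i <= n; i++) {
                t = tok[i]; gsub(/^[ \t]+|[ \t]+$/, "", t)
                if (t == p) continue           # skip the entry being re-enabled
                out = out sep tok[i]; sep = ","
            }
            if (head != "") sub(/^[ \t]+/, "", out)
            $0 = head out; inprop = more
        }
        { print }' "$1.bak" > "$1" || return 1
    ! disabled_algs "$1" | grep -qxF -- "$2"
}

# Constructed sample, not a real cell's java.security.
demo=$(mktemp -d)
printf '%s\n' '# constructed excerpt' \
    'jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \' \
    '    DH keySize < 1024, anon, NULL' \
    'example.other.property=unchanged' > "$demo/java.security"
enable_protocol "$demo/java.security" TLSv1.1 && disabled_algs "$demo/java.security"
```

The script covers only the java.security part of the procedure; the cell-management-tool change and the service restart still have to be done on each cell as described above.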


Additional Information

Manage the List of Allowed SSL Protocols
https://docs.vmware.com/en/VMware-Cloud-Director/10.3/VMware-Cloud-Director-Install-Configure-Upgrade-Guide/GUID-B63373E4-9470-4923-B93D-692972A7D419.html

 


Impact/Risks:
Note:
  • Enabling older protocols may put your system at risk. Please only do so if required.
  • The workaround in this article needs to be applied to all cells, and to any additional cells you may deploy.
  • Performing any upgrade will revert the changes, and the workaround will need to be applied again.