This is expected behaviour in VMware Cloud Director 10.4 as TLS 1.0 and TLS 1.1 are disabled by default at a Java and Cloud Director level.
Workaround:
To enable TLS 1.0 or TLS 1.1 at the Java and Cloud Director levels, follow the steps below
- SSH to a Cloud Director Cell.
- Navigate to the security directory.
cd /opt/vmware/vcloud-director/jre/conf/security
- Back up and then edit java.security using editor of your choice.
- Locate, the line that starts with "jdk.tls.disabledAlgorithms=" .
- Remove the entries corresponding to the protocols you wish to re-enable.
Example
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
to
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, \
This will enable TLSv1.1
- Save file and exit.
- Use opt/vmware/vcloud-director/bin/cell-management-tool ssl-protocols to enable the protocol in Cloud Director's configuration.
- Using opt/vmware/vcloud-director/bin/cell-management-tool ssl-protocols -d TLSv1 will reset the disallowed list to disallow TLSv1 only, enabling TLSv1.1 like in the above example.
- Once you have made the required Java and Cloud Director changes, restart the Cloud Director Service.
service vmware-vcd restart
- Repeat on all cells.