
Disabling SSLv3 protocol for VMware Authentication Proxy - Port 51915 (2136184)


Details

VMware Authentication Proxy uses IIS to host its services, and insecure protocols such as SSLv3 are used there to maintain connections with the clients (ESXi hosts).

See the Solution section for steps to disable SSLv3 and enable secure protocols such as TLS 1.1 and TLS 1.2.

Solution

The SChannel registry configuration is used to disable SSL 3.0 and weak ciphers on IIS.

Follow the steps below to disable the insecure protocols used by IIS:

  1. Open the Registry Editor as an administrator on the server where the VMware Authentication Proxy is installed.
  2. Navigate to the following location in the Registry Editor window:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\
  3. In the navigation tree, right-click on Protocols, and click New > Key.
  4. Enter SSL 3.0 as the key name.
  5. Right-click on SSL 3.0, and click New > Key to create a subkey under SSL 3.0.
  6. Name the new subkey Client.
  7. Repeat step 5 to create another subkey under SSL 3.0, and name it Server.
  8. Right-click on the Client key, and select New > DWORD (32-bit) Value.

    • Enter DisabledByDefault as the value name.
    • Double-click DisabledByDefault, and enter 1 as the value data.
    • Click OK.
  9. Right-click on the Server key, and select New > DWORD (32-bit) Value.

    • Enter Enabled as the value name.
    • Double-click Enabled, and enter 0 as the value data.
    • Click OK.

  10. Restart the server.

To enable protocols such as TLS 1.1 and TLS 1.2, follow the steps listed above to create Client and Server keys under the required protocols. Under the Client and Server keys, add the DWORD (32-bit) values DisabledByDefault and Enabled, set to 0 and 1 respectively, as shown in the example below.

  • SCHANNEL\Protocols\TLS 1.1\Client

    • DWORD "Enabled" = 1
    • DWORD "DisabledByDefault" = 0
  • SCHANNEL\Protocols\TLS 1.1\Server

    • DWORD "Enabled" = 1
    • DWORD "DisabledByDefault" = 0

For more information on disabling other protocols and cipher suites, refer to https://support.microsoft.com/en-us/kb/245030
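The registry steps above can also be applied and then checked from an elevated PowerShell session. The script below is an added example, not part of the original article or a VMware tool. The function names Set-SchannelProtocol and Test-SchannelProtocol are hypothetical, and it assumes TLS 1.2 takes the same values the article shows for TLS 1.1.

```powershell
#Requires -RunAsAdministrator
# Added example: values mirror the article's steps; function names are hypothetical.
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Protocol\Role -> DWORD values, exactly as given in the steps above.
$Desired = @(
    @{ Protocol = 'SSL 3.0'; Role = 'Client'; Values = @{ DisabledByDefault = 1 } }
    @{ Protocol = 'SSL 3.0'; Role = 'Server'; Values = @{ Enabled = 0 } }
)
foreach ($p in 'TLS 1.1', 'TLS 1.2') {   # TLS 1.2 values assumed equal to TLS 1.1
    foreach ($r in 'Client', 'Server') {
        $Desired += @{ Protocol = $p; Role = $r
                       Values = @{ Enabled = 1; DisabledByDefault = 0 } }
    }
}

function Set-SchannelProtocol {
    param([hashtable[]]$Settings)
    foreach ($s in $Settings) {
        $key = Join-Path $Base (Join-Path $s.Protocol $s.Role)
        # Create the protocol and Client/Server keys if they do not exist yet.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($name in $s.Values.Keys) {
            New-ItemProperty -Path $key -Name $name -Value $s.Values[$name] `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

function Test-SchannelProtocol {
    param([hashtable[]]$Settings)
    foreach ($s in $Settings) {
        $key = Join-Path $Base (Join-Path $s.Protocol $s.Role)
        foreach ($name in $s.Values.Keys) {
            # A missing key or value reads back as $null and is reported as not Ok.
            $actual = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            [pscustomobject]@{
                Key = "$($s.Protocol)\$($s.Role)"; Name = $name
                Expected = $s.Values[$name]; Actual = $actual
                Ok = ($actual -eq $s.Values[$name])
            }
        }
    }
}

Set-SchannelProtocol -Settings $Desired
Test-SchannelProtocol -Settings $Desired | Format-Table -AutoSize
```

The script does not restart the server, so step 10 still has to be carried out afterwards. Test-SchannelProtocol can be run on its own later to confirm the values are still in place.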
