
Configuring TLS protocol for VMware vSAN Observer 6.0 Update 3 (2144800)


Details

In VMware vSAN Observer 6.0 Update 3, TLS protocol versions 1.0, 1.1, and 1.2 are all enabled by default. You can disable TLSv1.0, TLSv1.1, and TLSv1.2. In vSphere 6.0 Update 3, you can manage the TLS protocol configuration by using the TLS Reconfiguration Utility; see KB 2148819. However, vSAN Observer 6.0 Update 3 does not use this utility, and you must reconfigure the TLS protocol manually. This article provides steps to configure the TLS protocol on vSAN Observer port 8010.

Solution

Modifying the TLS protocol configuration might involve any of the following tasks:
  • Disabling TLS version 1.0 while leaving TLS version 1.1 and TLS version 1.2 enabled
  • Disabling TLS version 1.0 and TLS version 1.1 while leaving TLS version 1.2 enabled
  • Re-enabling the TLS protocol

Disabling the TLS protocol for VMware vSAN Observer Port 8010

     
  1. Deploy the Virtual SAN cluster.
  2. On vCenter Server Appliance, log in as the root user.
  3. Log in to Ruby vSphere Console (RVC) as rvc localhost.
  4. On Windows vCenter Server, log in to RVC as rvc.bat localhost.
  5. To modify the TLS protocols, run the commands. Available TLS versions are SSLv3, TLSv1, TLSv1_1, and TLSv1_2.

    vsan.observer protocols -s, --ssl-protocols <ssl/tls versions> computers/VSAN-Cluster/

  6. Disable TLSv1.0 on the vSAN Observer, and enable higher versions of TLSv1.x.

    To disable TLSv1.0 and enable both TLSv1.1 and TLSv1.2, execute this command to perform a reconfiguration:

    vsan.observer --run-webserver --force --ssl-protocols tlsv1_1,tlsv1_2 ~computers/VSAN-Cluster/

    To disable TLSv1.0 and TLSv1.1, and enable only TLSv1.2, execute this command to perform a reconfiguration:

    vsan.observer --run-webserver --force --ssl-protocols tlsv1_2 ~computers/VSAN-Cluster/

Re-enabling the TLS protocol for VMware vSAN Observer Port 8010

  1. Deploy the Virtual SAN cluster.
  2. On vCenter Server Appliance, log in as the root user.
  3. Log in to Ruby vSphere Console (RVC) as rvc localhost.
  4. On Windows vCenter Server, log in to RVC as rvc.bat localhost.
  5. To modify the TLS protocols, run the commands. Available TLS versions are SSLv3, TLSv1, TLSv1_1, and TLSv1_2.

    vsan.observer protocols -s, --ssl-protocols <ssl/tls versions> computers/VSAN-Cluster/

  6. Re-enable TLSv1.0 on the vSAN Observer, and re-enable higher versions of TLSv1.x.

    To re-enable TLSv1.0, execute this command to perform a reconfiguration:

    vsan.observer --run-webserver --force --ssl-protocols tlsv1 ~computers/VSAN-Cluster/

    To re-enable TLSv1.0 and TLSv1.1, execute this command to perform a reconfiguration:

    vsan.observer --run-webserver --force --ssl-protocols tlsv1,tlsv1_1 ~computers/VSAN-Cluster/
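After either procedure, it helps to confirm from a client that port 8010 negotiates only the versions passed to --ssl-protocols. The following check is an added example, not part of the VMware article or of RVC; the host name is a placeholder and the function names are illustrative.

```python
import socket
import ssl

# RVC protocol names from the article mapped to Python's TLS version constants.
# SSLv3 is not probed: most current OpenSSL builds cannot offer it at all.
VERSIONS = {
    "tlsv1": ssl.TLSVersion.TLSv1,
    "tlsv1_1": ssl.TLSVersion.TLSv1_1,
    "tlsv1_2": ssl.TLSVersion.TLSv1_2,
}

def parse_protocols(arg):
    """Turn an --ssl-protocols value such as 'tlsv1_1,tlsv1_2' into a set."""
    names = {p.strip().lower() for p in arg.split(",") if p.strip()}
    unknown = names - set(VERSIONS) - {"sslv3"}
    if unknown:
        raise ValueError("unknown protocol name(s): %s" % sorted(unknown))
    return names

def probe(host, port, name, timeout=5.0):
    """Offer exactly one TLS version; return 'accepted', 'rejected' or 'unreachable'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # only the protocol version is under test,
    ctx.verify_mode = ssl.CERT_NONE   # not the (possibly self-signed) certificate
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # let the local OpenSSL offer TLS 1.0/1.1
    ctx.minimum_version = ctx.maximum_version = VERSIONS[name]
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                with ctx.wrap_socket(sock, server_hostname=host):
                    return "accepted"
            except OSError:           # ssl.SSLError and connection resets land here
                return "rejected"
    except OSError:
        return "unreachable"

def audit(host, port, ssl_protocols, prober=probe):
    """Return {name: (expected, observed)} for every version that deviates."""
    wanted = parse_protocols(ssl_protocols)
    findings = {}
    for name in VERSIONS:
        expected = "accepted" if name in wanted else "rejected"
        observed = prober(host, port, name)
        if observed != expected:
            findings[name] = (expected, observed)
    return findings

if __name__ == "__main__":
    # Placeholder host name; 8010 is the Observer port named in the article.
    print(audit("vcenter.example.test", 8010, "tlsv1_2") or "matches configuration")
```

A "rejected" result for tlsv1 or tlsv1_1 can also come from a local OpenSSL build that no longer offers those versions, so run the check from a client known to support them.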
