How to disable Transport Layer Security (TLS) 1.0 on NSX (2145749)

Purpose

This article provides information to disable Transport Layer Security (TLS) 1.0 on NSX for vSphere 6.2.4.

Resolution

By default, NSX Manager has TLS 1.0, 1.1, and 1.2 enabled on the server side. On the client side, only TLS 1.0 is enabled.

Note: With the NSX for vSphere 6.2.4 release, the NSX Manager supports TLSv1.0, TLSv1.1, and TLSv1.2.

To disable TLS 1.0 on NSX Manager, use these REST API calls. The GET call returns the current settings and the POST call applies new ones:

Method: GET

URL: https://nsxmgr_ip/api/1.0/appliance-management/system/tlssettings

Body:
 
<?xml version="1.0" encoding="UTF-8"?>
<tlsSettings>
    <serverEnabledProtocols>TLSv1,TLSv1.1,TLSv1.2</serverEnabledProtocols>
    <clientEnabledProtocols>TLSv1,TLSv1.1,TLSv1.2</clientEnabledProtocols>
</tlsSettings>

Method: POST

URL: https://nsxmgr_ip/api/1.0/appliance-management/system/tlssettings

Body:

<tlsSettings>
    <serverEnabledProtocols>TLSv1,TLSv1.1,TLSv1.2</serverEnabledProtocols>
    <clientEnabledProtocols>TLSv1,TLSv1.1,TLSv1.2</clientEnabledProtocols>
</tlsSettings>

Note: Valid values for protocols are TLSv1, TLSv1.1, and TLSv1.2. Protocols are supplied as a comma (,) separated list of protocol versions.

Examples:

  • To disable TLS 1.0 and enable TLSv1.1,TLSv1.2 on both server and client:

    <tlsSettings>
        <serverEnabledProtocols>TLSv1.1,TLSv1.2</serverEnabledProtocols>
        <clientEnabledProtocols>TLSv1.1,TLSv1.2</clientEnabledProtocols>
    </tlsSettings>

  • To enable protocols TLSv1.1 and TLSv1.2:

    protocols="TLSv1.1,TLSv1.2"

  • To enable protocols TLSv1.0, TLSv1.1 and TLSv1.2:

    protocols="TLSv1,TLSv1.1,TLSv1.2"

Note: Restart the NSX Manager for the changes to take effect.
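
The following is an added example, not VMware code: it builds the tlsSettings POST body from a validated protocol list and audits a tlsSettings document (such as the GET response above) for TLS 1.0 still being enabled. The function and constant names are assumptions, and sending the request is left to your HTTP client.

```python
import xml.etree.ElementTree as ET

VALID = ("TLSv1", "TLSv1.1", "TLSv1.2")  # valid values listed in this article
FIELDS = ("serverEnabledProtocols", "clientEnabledProtocols")

def _check(protocols):
    """Normalize a protocol list; reject values the article does not list."""
    cleaned = [p.strip() for p in protocols if p.strip()]
    bad = [p for p in cleaned if p not in VALID]
    if bad or not cleaned:
        raise ValueError(f"invalid or empty protocol list: {protocols!r}")
    # Emit in a stable order, without duplicates.
    return [p for p in VALID if p in cleaned]

def build_tls_settings(server, client):
    """Return the <tlsSettings> POST body for the given protocol lists."""
    root = ET.Element("tlsSettings")
    for tag, protos in zip(FIELDS, (server, client)):
        ET.SubElement(root, tag).text = ",".join(_check(protos))
    return ET.tostring(root, encoding="unicode")

def audit_tls_settings(xml_text):
    """Parse a <tlsSettings> document and return {element: [findings]}."""
    root = ET.fromstring(xml_text)
    if root.tag != "tlsSettings":
        raise ValueError("not a tlsSettings document")
    findings = {}
    for tag in FIELDS:
        text = root.findtext(tag)
        if text is None:
            findings[tag] = ["element missing"]
            continue
        protos = [p.strip() for p in text.split(",") if p.strip()]
        issues = ["TLS 1.0 still enabled"] if "TLSv1" in protos else []
        issues += [f"unknown value {p}" for p in protos if p not in VALID]
        findings[tag] = issues
    return findings

# Constructed sample: the GET body shown in this article.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<tlsSettings>
    <serverEnabledProtocols>TLSv1,TLSv1.1,TLSv1.2</serverEnabledProtocols>
    <clientEnabledProtocols>TLSv1,TLSv1.1,TLSv1.2</clientEnabledProtocols>
</tlsSettings>"""

if __name__ == "__main__":
    print(audit_tls_settings(SAMPLE))
    print(build_tls_settings(["TLSv1.1", "TLSv1.2"], ["TLSv1.1", "TLSv1.2"]))
```

Run the audit again on the GET response after the restart to confirm that both elements return no findings.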

Additional Information

Changes to Tanuki and Tomcat/TcServer configurations:

To support changes to the server-side supported protocols, the server.xml located in /usr/app-mgmt/conf/server/xml is updated.

To support changes to the client-side supported protocols, all the Tanuki wrapper configurations are updated with the following additional Java environment variable:

https.protocols="TLSv1,TLSv1.1,TLSv1.2"

For more information on how to make API calls to the NSX Manager, see the Using the NSX REST API section in the VMware NSX for vSphere API Guide.

Tags

NSX 6.2.4, Transport Layer Security 1.0, TLS
