Search the VMware Knowledge Base (KB)
View by Article ID

Status of TLSv1.1/1.2 Enablement and TLSv1.0 Disablement across VMware products (2145796)

  • 6 Ratings

Purpose

Due to security concerns in the TLSv1.0 protocol, both Payment Card Industry (PCI) and BSI organizations have suggested to implement and enable TLSv1.1 or TLSv1.2, and move away from the use of TLSv1.0 as soon as possible. In this article we are providing the current status of that implementation across applicable VMware products. 
Disclaimer: 
  1. Some products or older release versions of some products may not be listed here because either there are no plans for implementing the newer TLS protocols or where TLS changes are not applicable. These products may have reached or are approaching their End of Availability (EOA) or End of Service (EOS).
  2. If you do not observe your product in the tables below or want to get notified in future when the implementation becomes available, please Subscribe to Document to be alerted when more information becomes available.

Resolution

From implementation perspective, TLSv1.1/1.2 enablement is always done as default whereas TLSv1.0 disablement might have been either Default (disabled by default) or through an Option (can be disabled through an option). Review the Implementation Type for TLSv1.0 Disablement to know how it has been implemented. 

By design, VMware attempts to have all services communicate on the highest protocol available within and between products.

Note: For backwards compatibility and interoperability considerations, in some products, although TLSv1.0 disablement is implemented as default, there may be an option to revert that change. Check the documentation provided to know the details as applicable.

The products and their status are listed in 3 tables below.
  1. Product where both implementations, TLSv1.1/1.2 Enablement and TLSv1.0 Disablement, are completed.
  2. Products where only TLSv1.1/1.2 Enablement has been completed but TLSv1.0 Disablement is pending
  3. Products where both implementations, TLSv1.1/1.2 Enablement and TLSv1.0 Disablement, are pending.
Notes
  • The TLSv.1.0 Disablement Version is the first release with TLSv1.0 disabled, all subsequent releases will have this disabled by default.
  • The TLSv1.1/1.2 Enablement Version is the first release with TLSv1.1/1.2 enabled always by default, all subsequent releases will have this denabled by default.

1. Product where both TLSv1.1/1.2 Enablement and TLSv1.0 Disablement are Completed

Product
TLSv1.1/1.2 Enablement (always default)
Version
TLSv1.0 Disablement
Documentation
Version
Implementation
Type
VMware Platform Services Controller (External) 6.x

VMware Platform Services Controller Appliance (External) 6.x
 
 
6.5
 
 
6.5
 
 
Option
6.0 Update 3
6.0 Update 3
Option
 
Release Notes for vCenter Server 6.0 U3
VMware Identity Manager 2.x
2.6
2.6
Default
VMware Integrated OpenStack 3.x
3.0
3.0
Option
Release Notes for VMware Integrated OpenStack 3.0
 
VMware vCloud Director for Service Providers 8.x
 
 
8.10
 
 
8.10
 
 
Option
Managing the List of Allowed SSL Protocols in the vCloud Director Administrator's Guide

Release Notes for VMware vCloud Director for Service Providers 8.10
 
VMware vCloud Availability for vCloud Director 1.x
 
 
1.0.1
 
 
1.0.1
 
 
Option
Configuring vCloud Director for Installation in the vvCloud Availability for vCloud Director Installation and Configuration Guide

Release Notes for vCloud Availability for vCloud Director 1.0.1
VMware vCloud Usage Meter 3.5
3.5
3.5
Default
Release Notes for VMware vCloud Usage Meter 3.5
VMware vCloud Air Hybrid Cloud Manager 2.x
2.0
2.0
Option
Hybrid Cloud Manager Security Protocol (2146900)

Release Notes for VMware vCloud Air Hybrid Cloud Manager 2.0
VMware vRealize Business Advanced and Enterprise 8.x
8.2.4
8.2.4
Default
Release Notes for vRealize Business Advanced and Enterprise 8.2.4
 
VMware vRealize Business Standard for Cloud 7.x
 
7.1.0
 
7.1.0
 
Default
Enable or Disable TLS in the vRealize Business for Cloud Install Guide

Release Notes for vRealize Business Standard for Cloud 7.1.0
 
VMware vRealize Configuration Manager 5.x
 
5.8.2
 
5.8.3
 
Default
Release Notes for VMware vRealize Configuration Manager 5.8.3

Release Notes for VMware vRealize Configuration Manager 5.8.2
VMware NSX for vSphere 6.x

Includes: Manager, Controller, Endpoint, Edge.
6.2.4
6.2.4
Default
VMware vCenter Server 6.x

VMware vCenter Server Appliance 6.x
 
6.5
 
6.5
 
Option
6.0 Update 3
6.0 Update 3
Option
 
Release Notes for vCenter Server 6.0 U3
 
vCenter Server Heartbeat 6.6.x
 
6.6 Update 2
 
6.6 Update 2
 
Option
 
 
VMware vRealize Automation 7.x
 
 
7.0.1
 
 
7.1.0
 
 
Option
Disabling TLS 1.0 in vRealize Automation (2146570)

Release Notes for VMware vRealize Automation 7.1.0

Release Notes for VMware vRealize Automation 7.0.1
 
 
 
VMware vRealize Orchestrator 7.x
 
 
 
7.0.0
 
 
 
7.0.1
 
 
 
Default
 
 
VMware vSphere Update Manager 6.x
 
6.5
 
6.5
 
Option
6.0 Update 3
6.0 Update 3
Option

Release Notes for vSphere Update manager 6.0 U3
 
VMware vRealize Infrastructure Navigator 5.8.x
 
5.8.5
 
5.8.5
 
Option
 
VMware vCenter Support Assistant 6.x
 
6.0.2
 
6.0.2
 
Default
 
VMware vRealize Operations 6.2.x
 
6.2.0
 
6.2.x
 
Option
VMware vRealize Operations Management pack for MEDITECH 1.0
6.2.0
6.2.x
Option
VMware vRealize Operations Management pack for Epic 1.0
6.2.0
6.2.x
Option
VMware vRealize Operations Management pack for Published Applications 6.x
 
6.1.1
 
6.1.1
 
Default
Release Notes for VMware vRealize Operations for Published Applications 6.1.1
VMware vRealize Hyperic 5.x
5.8.6
5.8.6
Default
Release Notes for vRealize Hyperic 5.8.6
 
VMware vRealize Log Insight 4.x
 
4.0
 
4.0
 
Option
 
 
 
 
VMware vRealize Log Insight 3.x
 
 
 
 
3.0
 
 
 
 
3.0
 
 
 
 
Option



VMware Site Recovery Manager 6.x
6.5
6.5
Default
Release Notes for Site Recovery Manager 6.5

 
6.1
 
 
6.1.1
 
 
Option

TLS Configuration Options For Site Recovery Manager 6.1.1 (2145910)

Release Notes for Site Recovery Manager 6.1

Release Notes for Site Recovery Manager 6.1.1


VMware vSphere Replication 6.x
6.5
6.5
Default
Release Notes for vSphere Replication 6.5

6.1.1

6.1.1

Option
 
VMware ESXi 6.x
 
6.5
 
6.5
 
Option
6.0 Update 3
6.0 Update 3
Option
 
Release Notes for vSphere ESXi 6.0 U3
 
 
VMware Tools 10.x
 
 
10.0.0
 
 
10.1.0
 
 
Default
Release Note for VMware Tools 10.1.0

Release Note for VMware Tools 10.0.12

Note: TLSv1.2 is leveraged for internal communications only as VMware Tools does not use SSL based communication to other components.



VMware vSAN 6.x
 
6.5
6.6    
 
6.5
 
Option
6.2
6.2
Option
Release Notes for VMware vSAN 6.2
 
VMware AppVolumes 2.x
 
2.11.0
 
2.11.0
 
Default
Release Notes for VMware App Volumes 2.11.0

Patch required
 
VMware AppVolumes 3.x
 
3.0
 
3.0
 
Default
 
VMware vRealize Code Stream 2.x
 
2.1.0
 
2.1.0
 
Option
VMware Remote Console 8.x
8.0
8.0
Default
Release Notes for VMware Remote Console 8.0
VMware vFabric tc Server 2.9.x
2.9.13
2.9.13
Option
Release Notes for vFabric tc Server 2.9
 
VMware Horizon for Linux 6.2.x
 
6.2.1
 
6.2.1
 
Default
Setting Options in Configuration Files on Linux Desktop in the Horizon 6 Version 6.2 Guide

Release Notes for VMware Horizon 6 version 6.2.1
 
 
 
 
 
 
 
 
 
 
 
VMware Horizon Client 4.x
 
 
 
 
 
 
 
 
 
 
 
4.0.1
 
 
 
 
 
 
 
 
 
 
 
4.0.1
 
 
 
 
 
 
 
 
 
 
 
Option
Configure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for iOS

Configure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for Android

Configure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for Mac OS X

Configure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for Linux

Configure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for Windows

Release Notes for VMware Horizon Client 4.1 for iOS

Release Notes for VMware Horizon Client 4.1 for Android

Release Notes for VMware Horizon Client 4.1 for Mac OS X

Release Notes for VMware Horizon Client 4.1 for Linux

Release Notes for VMware Horizon Client 4.1 for Windows
 
VMware Horizon View 7.x
 
7.0
 
7.0
 
Default
 
VMware Horizon View 6.x
 
6.2.1
 
6.2.1
 
Default
 
VMware Horizon Air 16.x
 
16.6.0
 
16.6.0
 
Option
Horizon Daas 7.0
7.0.0
7.0.0
Default
Release Notes for VMware Horizon DaaS 7.0
 
VMware Mirage
 
5.7
 
5.7
 
Option
 
 
 
VMware Horizon Air Hybrid-mode 1.x
 
 
 
1.0
 
 
 
1.0
 
 
 
Default
Change the Security Protocols and Cipher Suites Used for TLS or SSL Communication in VMware Horizon Air Hybrid-Mode 1.0 Administration Guide

Configuration Settings for System Settings and Server Certificates in VMware Horizon Air Hybrid-Mode 1.0 Administration Guide

Release Notes for VMware Horizon Air Hybrid-mode 1.0
 
VMware Software Manager - Download Server
 
1.3
 
1.3
 
Default
Enable SSLv3 or TLSv1 in the VMware Software Manager - Download Service User Guide.

Release Notes for VMware Software Manager 1.3
 
VMware Photon OS
 
1.0
 
1.0
 
Option
Disabling TLS 1.0 to Improve Transport Layer Security in the Photon OS Administration Guide
VMware Continuent 5.x

Includes: Analytics and Big Data, Cluster, Disaster Recovery, Replication
5.0
 5.0
 Default
Release Notes for VMware Software Manager 5.0        
 
 
 
VMware vSphere Big Data Extension 2.3.x    
2.3.2
2.3.2   
Option
Release Notes for vSphere Big Data Extension 2.3
NSX-T
1.1
1.1
Default
Release Notes for NSX-T 1.1
vCenter Chargeback Manager
2.7.2
2.7.1
Default
Release Notes for Chargeback Manager 2.7.2
VMware Network Insight 3.x
3.3
3.3
Default
Release Notes for VMware Network Insight 3.3
 

2. TLSv1.1/1.2 Enablement Completed and TLSv1.0 Disablement Pending

As the products are released with both implementations done, they will be moved from this section to the top table; however, products and their availability are subject to change, and may remain in this table.

ProductTLSv1.1/1.2 Enablement (always default)
Version
TLSv1.0 Disablement
Planned Version
Documentation
VMware vCenter Converter Standalone 6.x6.1.1
(Pending)VMware vCenter Converter Standalone User's Guide (Page 40)

Release Notes for VMware vCenter Converter Standalone 6.1.1
VMware Fusion 8.x8.0.0
(Pending)Release Notes for VMware Fusion 8
VMware Workstation Pro/Player 12.x12.0.0(Pending)Release Notes for VMware Workstation 12 Pro

Release Notes for VMware Workstation 12 Player
VMware vSphere Data Protection 6.1.x6.14(Pending)Release Notes for Data Protection 6.1.4

3. TLSv1.1/1.2 Enablement Pending and TLSv1.0 Disablement Pending

As the products are released with both implementations done, they will be moved from this section to the top table; however, products and their availability are subject to change, and may remain in this table.

ProductTLSv1.1/1.2 Enablement (always default)
Planned Version
TLSv1.0 Disablement
Planned Version
Documentation
VMware Photon Controller 1.x(Pending)(Pending)

(Pending)

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 6 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 6 Ratings
Actions
KB: