Search the VMware Knowledge Base (KB)
View by Article ID

Status of TLSv1.1/1.2 Enablement and TLSv1.0 Disablement across VMware products (2145796)

  • 6 Ratings

Purpose

Due to security concerns in the TLSv1.0 protocol, both Payment Card Industry (PCI) and BSI organizations have suggested to implement and enable TLSv1.1 or TLSv1.2, and move away from the use of TLSv1.0 as soon as possible. In this article we are providing the current status of that implementation across applicable VMware products. 
Disclaimer: 
  1. Some products or older release versions of some products may not be listed here because either there are no plans for implementing the newer TLS protocols or where TLS changes are not applicable. These products may have reached or are approaching their End of Availability (EOA) or End of Service (EOS).
  2. If you do not observe your product in the tables below or want to get notified in future when the implementation becomes available, please Subscribe to Document to be alerted when more information becomes available.

Resolution

managing
From implementation perspective, TLSv1.1/1.2 enablement is always done as default whereas TLSv1.0 disablement might have been either Default (disabled by default) or through an Option (can be disabled through an option). Review the Implementation Type for TLSv1.0 Disablement to know how it has been implemented. 

By design, VMware attempts to have all services communicate on the highest protocol available within and between products.

Note: For backwards compatibility and interoperability considerations, in some products, although TLSv1.0 disablement is implemented as default, there may be an option to revert that change. Check the documentation provided to know the details as applicable.

The products and their status are listed in 3 tables below.
  1. Product where both implementations, TLSv1.1/1.2 Enablement and TLSv1.0 Disablement, are completed.
  2. Products where only TLSv1.1/1.2 Enablement has been completed but TLSv1.0 Disablement is pending
  3. Products where both implementations, TLSv1.1/1.2 Enablement and TLSv1.0 Disablement, are pending.

1. Product where both TLSv1.1/1.2 Enablement and TLSv1.0 Disablement are Completed

ProductTLSv1.1/1.2 Enablement (always default)
Version
TLSv1.0 Disablement
Documentation
VersionImplementation
Type
VMware Platform Services Controller (External) 6.x

VMware Platform Services Controller Appliance (External) 6.x
 
 
6.5 and later
 
 
6.5
 
 
Option
Managing TLS protocol configuration for vSphere 6.5 (2147469)

Release Notes for Platform Services Controller 6.5
6.0 Update 3 and later6.0 Update 3 and laterOption
 
Release Notes for vCenter Server 6.0 U3
VMware Identity Manager 2.x2.6 and later
2.6
DefaultEnabling TLS 1.0 protocol in VMware Identity Manager 2.6 (2144805)

Release Notes for VMware Identity Manager 2.6
VMware Integrated OpenStack 3.x3.0 and later3.0OptionRelease Notes for VMware Integrated OpenStack 3.0
 
VMware vCloud Director for Service Providers 8.x
 
 
8.10 and later
 
 
8.10
 
 
Option
Managing the List of Allowed SSL Protocols in the vCloud Director Administrator's Guide

Release Notes for VMware vCloud Director for Service Providers 8.10
VMware vCloud Usage Meter 3.53.5 and later3.5DefaultRelease Notes for VMware vCloud Usage Meter 3.5
VMware vCloud Air Hybrid Cloud Manager 2.x2.0 and later2.0OptionHybrid Cloud Manager Security Protocol (2146900)

Release Notes for VMware vCloud Air Hybrid Cloud Manager 2.0
VMware vRealize Business Advanced and Enterprise 8.x8.2.4 and later
8.2.4
DefaultRelease Notes for vRealize Business Advanced and Enterprise 8.2.4
 
VMware vRealize Business Standard for Cloud 7.x
 
7.1.0 and later
 
7.1.0
 
Default
Enable or Disable TLS in the vRealize Business for Cloud Install Guide

Release Notes for vRealize Business Standard for Cloud 7.1.0
 
VMware vRealize Configuration Manager 5.x
 
5.8.2 and later
 
5.8.3
 
Default
Release Notes for VMware vRealize Configuration Manager 5.8.3

Release Notes for VMware vRealize Configuration Manager 5.8.2
VMware NSX for vSphere 6.x

Includes: Manager, Controller, Endpoint, Data Security, Edge.
6.2.4 and later6.2.4
Default
Disabling Transport Layer Security (TLS) 1.0 on NSX (2145749)

Release Notes for VMware NSX for vSphere 6.2.4
VMware vCenter Server 6.x

VMware vCenter Server Appliance 6.x
 
6.5 and later
 
6.5
 
Option
Managing TLS protocol configuration for vSphere 6.5 (2147469)

Release Notes for vCenter Server 6.5
6.0 Update 3 and later6.0 Update 3 and laterOption
 
Release Notes for vCenter Server 6.0 U3
 
vCenter Server Heartbeat 6.6.x
 
6.6 Update 2
 
6.6 Update 2
 
Option
Configuring VMware vCenter Server Heartbeat to use only TLS2v1.1 and TLSv1.2 (2146352)

Release Notes for vCenter Server Heartbeat 6.6 Update 2
 
 
VMware vRealize Automation 7.x
 
 
7.0.1 and later
 
 
7.1.0
 
 
Option
Disabling TLS 1.0 in vRealize Automation (2146570)

Release Notes for VMware vRealize Automation 7.1.0

Release Notes for VMware vRealize Automation 7.0.1
 
 
 
VMware vRealize Orchestrator 7.x
 
 
 
7.0.0 and later
 
 
 
7.0.1
 
 
 
Default
Enable SSLv3 and TLSv1 for outgoing HTTPS connections in vRealize Orchestrator 6.0.4 and 7.0.x manually (2144318)

Release Notes for vRealize Orchestrator 7.0.0

Release Notes for vRealize Orchestrator 7.0.1
 
 
VMware vSphere Update Manager 6.x
 
6.5 and later
 
6.5
 
Option
Managing TLS protocol configuration for vSphere 6.5 (2147469)

Release Notes for vSphere Update Manager 6.5
6.0 Update 3 and later6.0 Update 3 and laterOption

Release Notes for vSphere Update manager 6.0 U3
 
VMware vRealize Infrastructure Navigator 5.8.x
 
5.8.5 and later
 
5.8.5
 
Option
Disabling TLSv1 Support in vRealize Infrastructure Navigator (2139941)

Release Notes for vRealize Infrastructure Navigator 5.8.5
 
VMware vCenter Support Assistant 6.x
 
6.0.2 and later
 
6.0.2
 
Default
TLS protocol configuration options for vCenter Support Assistant (2146079)

Release Notes for vCenter Support Assistant 6.0.2
 
VMware vRealize Operations 6.2.x
 
6.2.0 and later
 
6.2.x
 
Option
Disable TLS 1.0 in vRealize Operations Manager 6.2 (2138007)

Release Notes for vRealize Operations Manager 6.2.0
VMware vRealize Operations Management pack for MEDITECH 1.0
 
6.2.0
 
6.2.x
 
Option
Disable TLS 1.0 in vRealize Operations Manager 6.2 (2138007)

Release Notes for vRealize Operations Manager 6.2.0
VMware vRealize Operations Management pack for Epic 1.0
 
6.2.0
 
6.2.x
 
Option
Disable TLS 1.0 in vRealize Operations Manager 6.2 (2138007)

Release Notes for vRealize Operations Manager 6.2.0
VMware vRealize Operations Management pack for Published Applications 6.x
 
6.1.1
 
6.1.1
 
Default
Release Notes for VMware vRealize Operations for Published Applications 6.1.1
VMware vRealize Hyperic 5.x5.8.6 and later5.8.6DefaultRelease Notes for vRealize Hyperic 5.8.6
 
VMware vRealize Log Insight 4.x
 
4.0 and later
 
4.0
 
Option
How to disable TLS 1.0 in vRealize Log Insight (2146305)

Release Note for vRealize Log Insight 4.0
 
 
 
 
VMware vRealize Log Insight 3.x
 
 
 
 
3.0 and later
 
 
 
 
3.0
 
 
 
 
Option
Log Insight 2.5 and 3.0 cannot establish connection to remote TLSv1.1 or TLSv1.2 servers (2144162)

How to disable TLS 1.0 in vRealize Log Insight (2146305)

Release Note for vRealize Log Insight 3.6

Release Note for vRealize Log Insight 3.3

Release Note for vRealize Log Insight 3.0



VMware Site Recovery Manager 6.x
6.5 and later
6.5
Default
Release Notes for Site Recovery Manager 6.5

 
6.1 and later
 
 
6.1.1
 
 
Option

TLS Configuration Options For Site Recovery Manager 6.1.1 (2145910)

Release Notes for Site Recovery Manager 6.1

Release Notes for Site Recovery Manager 6.1.1


VMware vSphere Replication 6.x
6.5 and later6.5DefaultRelease Notes for vSphere Replication 6.5

6.1.1 and later

6.1.1

Option
 
VMware ESXi 6.x
 
6.5 and later
 
6.5
 
Option
Managing TLS protocol configuration for vSphere 6.5 (2147469)

Release Notes for vSphere ESXi 6.5
6.0 Update 3 and later6.0 Update 3 and laterOption
 
Release Notes for vSphere ESXi 6.0 U3
 
 
VMware Tools 10.x
 
 
10.0.0 and later
 
 
10.1.0
 
 
Default
Release Note for VMware Tools 10.1.0

Release Note for VMware Tools 10.0.12

Note: TLSv1.2 is leveraged for internal communications only as VMware Tools does not use SSL based communication to other components.



VMware vSAN (vSAN) 6.x
 
6.5 and later
 
6.5
 
Option
Managing TLS protocol configuration for vSphere 6.5 (2147469)

Release Notes for VMware vSAN 6.5
6.26.2OptionRelease Notes for VMware vSAN 6.2
 
VMware AppVolumes 2.x
 
2.11.0 and later
 
2.11.0
 
Default
Release Notes for VMware App Volumes 2.11.0

Patch required
 
VMware AppVolumes 3.x
 
3.0 and later
 
3.0
 
Default
VMware AppVolumes 3.0 Installation and Administration Guide

Release Notes for VMware App Volumes 3.0
 
VMware vRealize Code Stream 2.x
 
2.1.0 and later
 
2.1.0
 
Option
Disabling TLS 1.0 in vRealize Automation (2146570)

Release Notes for VMware vRealize Code Stream 2.1
VMware Remote Console 8.x8.0 and later8.0DefaultRelease Notes for VMware Remote Console 8.0
VMware vFabric tc Server 2.9.x2.9.13 and later2.9.13OptionRelease Notes for vFabric tc Server 2.9
 
VMware Horizon for Linux 6.2.x
 
6.2.1 and later
 
6.2.1
 
Default
Setting Options in Configuration Files on Linux Desktop in the Horizon 6 Version 6.2 Guide

Release Notes for VMware Horizon 6 version 6.2.1
 
 
 
 
 
 
 
 
 
 
 
VMware Horizon Client 4.x
 
 
 
 
 
 
 
 
 
 
 
4.0.1 and later
 
 
 
 
 
 
 
 
 
 
 
4.0.1
 
 
 
 
 
 
 
 
 
 
 
Option
Configure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for iOS

Configure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for Android

Configure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for Mac OS X

Configure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for Linux

Configure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for Windows

Release Notes for VMware Horizon Client 4.1 for iOS

Release Notes for VMware Horizon Client 4.1 for Android

Release Notes for VMware Horizon Client 4.1 for Mac OS X

Release Notes for VMware Horizon Client 4.1 for Linux

Release Notes for VMware Horizon Client 4.1 for Windows
 
VMware Horizon View 7.x
 
7.0 and later
 
7.0
 
Default
Configuring security protocols on components to connect the View Client with desktops (2130798)

Release Notes for VMware Horizon View 7.0
 
VMware Horizon View 6.x
 
6.2.1 and later
 
6.2.1
 
Default
Configuring security protocols on components to connect the View Client with desktops (2130798)

Release Notes for VMware Horizon View 6.2.1
 
VMware Horizon Air 16.x
 
16.6.0
 
16.6.0
 
Option
Disabling TLS 1.0 in Horizon Air Appliances (2146781)

Release Notes for VMware Horizon Air 16.6
 
VMware Mirage
 
5.7 and later
 
5.7
 
Option
Disabling TLS 1.0 on Windows systems (2145606)

Release Notes for VMware Mirage 5.7
 
 
 
VMware Horizon Air Hybrid-mode 1.x
 
 
 
1.0 and later
 
 
 
1.0
 
 
 
Default
Change the Security Protocols and Cipher Suites Used for TLS or SSL Communication in VMware Horizon Air Hybrid-Mode 1.0 Administration Guide

Configuration Settings for System Settings and Server Certificates in VMware Horizon Air Hybrid-Mode 1.0 Administration Guide

Release Notes for VMware Horizon Air Hybrid-mode 1.0
 
VMware Software Manager - Download Server
 
1.3 and later
 
1.3
 
Default
Enable SSLv3 or TLSv1 in the VMware Software Manager - Download Service User Guide.

Release Notes for VMware Software Manager 1.3
 
VMware Photon OS
 
1.0 and later
 
1.0
 
Option
Disabling TLS 1.0 to Improve Transport Layer Security in the Photon OS Administration Guide
VMware Continuent 5.x

Includes: Analytics and Big Data, Cluster, Disaster Recovery, Replication
5.0 and later
 5.0
 Default
Release Notes for VMware Software Manager 5.0        
 
 
 
VMware vSphere Big Data Extension 2.3.x    2.3.22.3.2   OptionRelease Notes for vSphere Big Data Extension 2.3
NSX-T1.11.1DefaultRelease Notes for NSX-T 1.1

vCenter Chargeback Manager

2.7.22.7.1Default
Release Notes for Chargeback Manager 2.7.2

Additional Information

2. TLSv1.1/1.2 Enablement Completed and TLSv1.0 Disablement Pending

As the products are released with both implementations done, they will be moved from this section to the top table; however, products and their availability are subject to change, and may remain in this table.

ProductTLSv1.1/1.2 Enablement (always default)
Version
TLSv1.0 Disablement
Planned Version
Documentation
VMware vCenter Converter Standalone 6.x6.1.1
(Pending)VMware vCenter Converter Standalone User's Guide (Page 40)

Release Notes for VMware vCenter Converter Standalone 6.1.1
VMware Fusion 8.x8.0.0
(Pending)Release Notes for VMware Fusion 8
VMware Workstation Pro/Player 12.x12.0.0(Pending)Release Notes for VMware Workstation 12 Pro

Release Notes for VMware Workstation 12 Player

3. TLSv1.1/1.2 Enablement Pending and TLSv1.0 Disablement Pending

As the products are released with both implementations done, they will be moved from this section to the top table; however, products and their availability are subject to change, and may remain in this table.

ProductTLSv1.1/1.2 Enablement (always default)
Planned Version
TLSv1.0 Disablement
Planned Version
Documentation
VMware vSphere Data Protection 6.1.x(Pending)(Pending)(Pending)
VMware Photon Controller 1.x(Pending)(Pending)

(Pending)

Horizon DaaS 7.0 (Pending)(Pending)(Pending)

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 6 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 6 Ratings
Actions
KB: