TLS Configuration Options For Site Recovery Manager 6.1.1 (2145910)


The TLS 1.0, 1.1, and 1.2 protocols are enabled by default in Site Recovery Manager 6.1.1. You can disable these protocols manually in Site Recovery Manager and vCenter Server.

Note: vCenter Server and Site Recovery Manager must support the same versions to prevent connectivity issues.


To disable a TLS protocol in Site Recovery Manager:
  1. On the Site Recovery Manager server, navigate to C:\Program Files\VMware\VMware vCenter Site Recovery Manager\config.
  2. Create a backup of the vmware-dr.xml file.
  3. Open the vmware-dr.xml file in a plain text editor.
  4. In the <vmacore> section under <ssl> add the option <sslOptions>decimal value of the SSL/TLS protocol configuration</sslOptions>.

    To determine the decimal value of the SSL/TLS configuration:
    1. Apply a logical disjunction (bitwise OR) to the hexadecimal values of the SSL/TLS options and of all protocols to disable.
    2. Convert the resulting hexadecimal value to decimal. To get the values of protocol versions and SSL/TLS configuration options, see the table below.

      For example, to disable TLSv1.0, SSLv3, SSLv2, SSL/TLS compression, and SSL/TLS session ticket, you can use the following XML code block.


  5. Restart the Site Recovery Manager service.
  6. Repeat steps 1, 2, 3, and 4 on the paired Site Recovery Manager site.

Hexadecimal Value
Decimal Value

Note: Always include the values of SSL_OP_NO_COMPRESSION and SSL_OP_NO_TICKET when calculating the value of the SSL/TLS configuration, so that SSL/TLS compression and SSL/TLS session tickets are not enabled. Site Recovery Manager does not support SSL/TLS compression or SSL/TLS session tickets.

For example, to disable SSLv2, SSLv3, and TLSv1.0, you can use:
SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_TICKET = 0x01000000L | 0x02000000L | 0x04000000L | 0x00020000L | 0x00004000L = 0x7024000L 

Convert 0x7024000L to its decimal value (117587968).
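The calculation above, plus the reverse check of a value already present in vmware-dr.xml, as an added example (not VMware's code). It uses only the five option values shown in this article; the function names, the sample XML and its root element are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Hex values as given in this article's worked example. Bits outside this
# table (for example other protocol versions) are reported as unknown.
FLAGS = {
    "SSL_OP_NO_SSLv2": 0x01000000,
    "SSL_OP_NO_SSLv3": 0x02000000,
    "SSL_OP_NO_TLSv1": 0x04000000,
    "SSL_OP_NO_COMPRESSION": 0x00020000,
    "SSL_OP_NO_TICKET": 0x00004000,
}
# The article requires these two options in every calculated value.
MANDATORY = ("SSL_OP_NO_COMPRESSION", "SSL_OP_NO_TICKET")

def ssl_options_value(protocols_to_disable):
    """Bitwise-OR the mandatory options with the protocols to disable."""
    value = 0
    for name in (*MANDATORY, *protocols_to_disable):
        value |= FLAGS[name]  # KeyError on a name that is not in FLAGS
    return value

def decode_ssl_options(value):
    """Return (known flag names set in value, leftover bits not in FLAGS)."""
    names = sorted(n for n, bit in FLAGS.items() if value & bit)
    unknown = value & ~sum(FLAGS.values())  # flags are disjoint, so sum == OR
    return names, unknown

def audit_config(xml_text):
    """Read <vmacore>/<ssl>/<sslOptions> and report what it configures."""
    node = ET.fromstring(xml_text).find(".//vmacore/ssl/sslOptions")
    if node is None or not (node.text or "").strip():
        return {"present": False}
    value = int(node.text.strip())
    names, unknown = decode_ssl_options(value)
    return {"present": True, "value": value, "flags": names,
            "unknown_bits": hex(unknown),
            "missing_mandatory": [m for m in MANDATORY if m not in names]}

# Constructed sample, not a real vmware-dr.xml; the root element is assumed.
SAMPLE = """<Config><vmacore><ssl>
  <sslOptions>{}</sslOptions>
</ssl></vmacore></Config>"""

if __name__ == "__main__":
    wanted = ["SSL_OP_NO_SSLv2", "SSL_OP_NO_SSLv3", "SSL_OP_NO_TLSv1"]
    value = ssl_options_value(wanted)
    print(hex(value), value)
    print(audit_config(SAMPLE.format(value)))
```

Running `audit_config` against the backup copy and the edited file from both paired sites shows at a glance whether the two Site Recovery Manager servers ended up with the same protocol set.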

To re-enable a protocol, calculate the SSL/TLS configuration by including the SSL_OP_NO_COMPRESSION, SSL_OP_NO_TICKET, and only the protocols that must be disabled. For example, to re-enable TLSv1.0:

