You change the minimum version of TLS that Site Recovery Manager uses by modifying the envoy proxy settings.

By default Site Recovery Manager 8.8 uses only TLS 1.2.

Prerequisites

Verify the version of TLS that Site Recovery Manager uses by running the following command openssl s_client -connect <srm-fqdn>:443.

Procedure

  1. SSH to /opt/vmware/envoy/conf/.
  2. Open the envoy-proxy.yaml file in a text editor and edit the following line with the required minimum version of TLS.
    tls_params: tls_minimum_protocol_version: TLSv1_2
  3. Save the changes and exit the editor.
  4. Restart the envoy proxy service by running the following command.
    systemctl restart envoy-proxy

What to do next

If you modify the minimum version of TLS, you must change all the occurrences where you want the change to take effect.