To configure the set of SSL protocols that the cell offers to use during the SSL handshake process, use the ssl-protocols command of the cell management tool.
When a client makes an SSL connection to a VMware Cloud Director cell, the cell offers to use only those protocols that are configured on its list of allowed SSL protocols. TLSv1 is not on the default list because it is known to have serious security vulnerabilities.
Procedure
Example: List Allowed and Configured SSL Protocols and Reconfigure the List of Disallowed SSL Protocols
Use the --all-allowed (-a) option to list all the SSL protocols that the cell can be allowed to offer during an SSL handshake.
[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool ssl-protocols -a Product default SSL protocols: * TLSv1.2 * TLSv1.1 * TLSv1
This list is typically a superset of the SSL protocols that the cell is configured to support. To list those SSL protocols, use the --list (-l) option.
[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool ssl-protocols -l Allowed SSL protocols: * TLSv1.2 * TLSv1.1
To reconfigure the list of disallowed SSL protocols, use the --disallow (-d) option. This option requires a comma-separated list of the subset of allowed protocols produced by ssl-protocols –a.
[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool ssl-protocols -d TLSv1You must restart the cell after running this command.