To configure the set of SSL protocols that the VMware Cloud Director cell offers to use during the SSL handshake process, use the ssl-protocols command of the cell management tool.
When a client makes an SSL connection to a VMware Cloud Director cell, the cell offers to use only those protocols that are configured on its list of allowed SSL protocols. For more information on enabling TLS 1.0 or TLS 1.1 for VMware Cloud Director 10.5 or later, see KB 88929.
Procedure
Example: List Allowed and Configured SSL Protocols and Reconfigure the List of Disallowed SSL Protocols
Use the --all-allowed (-a) option to list all the SSL protocols that the cell can be allowed to offer during an SSL handshake.
[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool ssl-protocols -a
Product default SSL protocols:
* TLSv1.3
* TLSv1.2
* TLSv1.1
* TLSv1
This list is typically a superset of the SSL protocols that the cell is configured to support. To list those SSL protocols, use the --list (-l) option.
[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool ssl-protocols -l
Allowed SSL protocols:
* TLSv1.3
* TLSv1.2
To reconfigure the list of disallowed SSL protocols, use the --disallow (-d) option. This option requires a comma-separated list of the subset of allowed protocols produced by ssl-protocols -a.
[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool ssl-protocols -d TLSv1,TLSv1.1,TLSv1.3
You must restart the cell after running this command.
# ./cell-management-tool ssl-protocols -l
Allowed SSL protocols:
* TLSv1.2
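Added example, not part of the VMware documentation: a shell helper that derives the --disallow argument from ssl-protocols -a output and a list of protocols to keep, and reports any protocol in ssl-protocols -l output that falls outside that list. The function and variable names are assumptions; the sample text reproduces the output shown above.

```shell
#!/bin/sh
# Sample output in the format shown on this page (embedded so the script runs offline).
SAMPLE_ALL='Product default SSL protocols:
* TLSv1.3
* TLSv1.2
* TLSv1.1
* TLSv1'
SAMPLE_LIST='Allowed SSL protocols:
* TLSv1.3
* TLSv1.2'

# Read tool output on stdin, print one protocol name per "* NAME" line.
parse_protocols() {
    sed -n 's/^[[:space:]]*\*[[:space:]]*\([A-Za-z0-9.]*\)[[:space:]]*$/\1/p'
}

# build_disallow_list "<-a output>" "<space-separated protocols to keep>"
# Prints the comma-separated value for -d. Fails if a protocol to keep is not
# one the cell can offer, which usually means a typo in the policy.
build_disallow_list() (
    all=$(printf '%s\n' "$1" | parse_protocols)
    out=""
    for p in $2; do
        printf '%s\n' "$all" | grep -qxF "$p" ||
            { echo "unknown protocol: $p" >&2; exit 1; }
    done
    for p in $all; do
        case " $2 " in
            *" $p "*) ;;                    # in the keep list, leave enabled
            *) out="${out:+$out,}$p" ;;     # everything else gets disallowed
        esac
    done
    printf '%s\n' "$out"
)

# unexpected_protocols "<-l output>" "<space-separated protocols to keep>"
# Prints enabled protocols that are outside the policy; non-zero status if any.
unexpected_protocols() (
    out=""
    for p in $(printf '%s\n' "$1" | parse_protocols); do
        case " $2 " in
            *" $p "*) ;;
            *) out="${out:+$out }$p" ;;
        esac
    done
    printf '%s\n' "$out"
    [ -z "$out" ]
)

# Demo: command line that keeps only TLSv1.3 and TLSv1.2 enabled.
echo "./cell-management-tool ssl-protocols -d $(build_disallow_list "$SAMPLE_ALL" "TLSv1.3 TLSv1.2")"
```

On a cell, pass the real output instead of the sample variables, for example "$(./cell-management-tool ssl-protocols -l)", and run the check again after the restart.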