This topic describes support for TLS Inspection in NSX.
For the NSX Manager TLS Inspection support includes:
- For the REST API, TLS 1.3 and 1.2 are supported by default. TLS 1.1 support is deactivated by default. You can enable TLS 1.1, if needed. TLS 1.0 is not supported. For information, see Update API Service Configuration of the NSX Manager Cluster.
- Starting in 4.2, internal communication uses TLS version 1.3. NSX components will negotiate with TLS 1.3 and fallback to TLS 1.2, as necessary, for example, during upgrade or when communicating with non-NSX external components that do not support TLS 1.3. This behavior is not configurable by the end user.