VMware recommends the following encryption levels for connections in non-FIPS 140 mode.

Table 1. Encryption levels for connections for non-FIPS 140 mode
Security level: 0. CLEAR, or CLEARTEXT
Description: No encrypted communication
Advantages:
  • Backward compatibility
  • No configuration (default behavior)
Disadvantages:
  • No security
  • Passwords passed to servers as clear text

Security level: 1
Description: DH-AES
Advantages:
  • No site secret needed
  • No configuration (default behavior for new installations)
  • Protection against eavesdropping
Disadvantages:
  • Slower connection than cleartext or level 2 security
  • Not secure against active attacks

Security level: 2
Description: Encryption based on site secret
Advantages:
  • Protection against eavesdropping and active attack
  • Almost as fast as cleartext
Disadvantages:
  • Must set site secret and keep it common across all communicating entities

Security level: 3
Description: DH-AES and site secret
Advantages:
  • Protection against eavesdropping and active attack, even by those who know the site secret
Disadvantages:
  • Slower connection than cleartext or level 2 security
  • Must set site secret and keep it common across all communicating entities

Security level: Not applicable
Description: TLSv1.2
Advantages:
  • Standards-based
Disadvantages:
  • Incompatible with previous releases of the software
  • Slower than cleartext