VMware recommends the following encryption levels for connections in non-FIPS 140 mode.
Security level | Description | Advantages | Disadvantages |
---|---|---|---|
0. CLEAR, or CLEARTEXT | No encrypted communication |
|
|
1 | DH-AES |
|
|
2 | Encryption based on site secret |
|
Must set site secret and keep it common across all communicating entities |
3 | DH-AES and site secret | Protection against eavesdropping and active attack, even by those who know the site secret |
|
Not applicable | TLSv1.2 | Standards-based |
|