You can use the TLS Configuration utility to disable TLS versions on vCenter Server systems. As part of the process, you can either enable both TLS 1.1 and TLS 1.2, or enable only TLS 1.2.

Prerequisites

Ensure that the hosts and services that the vCenter Server manages can communicate using a version of TLS that remains enabled. For products that communicate only using TLS 1.0, connectivity becomes unavailable.

Procedure

  1. Log in to the vCenter Server system as a user who can run scripts and go to the directory where the script is located.

    | OS      | Command |
    |---------|---------|
    | Windows | cd C:\Program Files\VMware\CIS\vSphereTlsReconfigurator\VcTlsReconfigurator |
    | Linux   | cd /usr/lib/vmware-vSphereTlsReconfigurator/VcTlsReconfigurator |

  2. Run the command, depending on your operating system and on which version of TLS you want to use.
    • To disable TLS 1.0 and enable both TLS 1.1 and TLS 1.2, run the following command.

      | OS      | Command |
      |---------|---------|
      | Windows | directory_path\VcTlsReconfigurator> reconfigureVc update -p TLSv1.1 TLSv1.2 |
      | Linux   | directory_path/VcTlsReconfigurator> ./reconfigureVc update -p TLSv1.1 TLSv1.2 |

    • To disable TLS 1.0 and TLS 1.1, and enable only TLS 1.2, run the following command.

      | OS      | Command |
      |---------|---------|
      | Windows | directory_path\VcTlsReconfigurator> reconfigureVc update -p TLSv1.2 |
      | Linux   | directory_path/VcTlsReconfigurator> ./reconfigureVc update -p TLSv1.2 |
  3. If your environment includes other vCenter Server systems, repeat the process on each vCenter Server system.
  4. Repeat the configuration on each ESXi host and each Platform Services Controller.
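
The prerequisite above can be checked before running the update. The following Python sketch is an added example, not part of the TLS Configuration utility or of VMware's documentation. It probes each endpoint one TLS version at a time and lists the endpoints that accept none of the versions you plan to keep. The host names, the "TLSv1.0" label, and the function names are assumptions made for illustration.

```python
import socket
import ssl
import warnings

# Names follow the -p arguments shown above; "TLSv1.0" is this example's own label.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def accepts(host, port, version, timeout=5.0):
    """True: handshake completed at exactly `version`. False: endpoint refused it.
    None: endpoint unreachable, or the local OpenSSL build cannot offer `version`."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE          # protocol probe only, no trust decision
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")   # OpenSSL 3 blocks TLS 1.0/1.1 otherwise
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = ctx.maximum_version = version
    except (ssl.SSLError, ValueError):
        return None
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    with sock:
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
        except OSError:                          # ssl.SSLError, reset, handshake timeout
            return False

def would_lose_connectivity(endpoints, keep, probe=accepts):
    """Return (host, port, results) for each endpoint that accepts none of the
    protocol versions in `keep` (unreachable endpoints are reported too)."""
    blocked = []
    for host, port in endpoints:
        results = {name: probe(host, port, v) for name, v in VERSIONS.items()}
        if not any(results[name] for name in keep):
            blocked.append((host, port, results))
    return blocked

if __name__ == "__main__":
    # Constructed inventory; replace with the hosts and services vCenter Server manages.
    inventory = [("esxi01.example.test", 443), ("legacy-plugin.example.test", 8443)]
    for host, port, results in would_lose_connectivity(inventory, keep=["TLSv1.2"]):
        print(f"{host}:{port} accepts no remaining TLS version: {results}")
```

After the update, calling `accepts` against the reconfigured system for each version confirms that the disabled versions now return `False`.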