By default, the TLS protocol versions 1.0, 1.1, and 1.2 are enabled in vSphere. You can use the TLS Configurator Utility to enable or disable TLS protocol versions. You can disable TLS 1.0, or you can disable both TLS 1.0 and TLS 1.1.

Before you perform reconfiguration, consider your environment.

  • Ensure that vCenter Server, Platform Services Controller, vSphere Update Manager and ESXi hosts within the environment are running software versions that support disabling TLS versions. See VMware Knowledge Base article 2145796 for a list of VMware products that support disabling TLS 1.0.

  • Ensure that other VMware products and third-party products support a TLS protocol that is enabled. Depending on your configuration, that can be TLS 1.2 or both TLS 1.1 and TLS 1.2.