Disabling TLS versions is a multi-phase process. Disabling TLS versions in the right order ensures that your environment stays up and running during the process.

  1. If your environment includes vSphere Update Manager on Windows, and vSphere Update Manager is on a separate system, disable protocols explicitly by editing configuration files. See Disable TLS Versions on vSphere Update Manager.

    vSphere Update Manager on the vCenter Server Appliance is always included with the vCenter Server system and the script updates the corresponding port.

  2. Install the TLS Configuration utility on the vCenter Server and Platform Services Controller. If your environment uses an embedded Platform Services Controller, you install the utility only on vCenter Server.
  3. Run the utility on vCenter Server.
  4. Run the utility on each ESXi host that is managed by the vCenter Server. You can perform this task for each host or for all hosts in a cluster.
  5. If your environment uses one or more Platform Services Controller instances, run the utility on each instance.

Prerequisites

You perform this configuration on systems that run vSphere 6.0 U3 and on systems that run vSphere 6.5. You have two choices.
  • Disable TLS 1.0 and enable TLS 1.1 and TLS 1.2.
  • Disable TLS 1.0 and TLS 1.1 and enable TLS 1.2.