If you disable a version of TLS for Update Manager Port 8084 and you encounter problems, you can reenable the version. The process is different for port 9087.
Reenabling an earlier version of TLS has security implications.
Procedure
- Stop the vSphere Update Manager service.
- Navigate to the Update Manager installation directory which is different for 6.0 and 6.5.
Version Location vSphere 6.0 C:\Program Files (x86)\VMware\Infrastructure\Update Manager vSphere 6.5 C:\Program Files\VMware\Infrastructure\Update Manager - Make a backup of the vci-integrity.xml file and open the file.
- Change the decimal value that is used in the
<sslOptions>tag, or delete the tag to allow all versions of TLS.- To enable TLS 1.1 but leave TLS 1.0 disabled, use the decimal value 117587968.
- To reenable both TLS 1.1 and TLS 1.0, remove the tag.
- Save the file.
- Restart the vSphere Update Manager service.
