By default, vSphere 6.7 supports the Transport Security Layer (TLS) 1.2 encryption protocol. The upgrade or migration to vCenter Server 6.7 disables the TLS 1.0 and TLS 1.1 encryption protocols, and you may need to reconfigure other VMware products and third-party products to use TLS 1.2.

During both upgrade and migration from vCenter Server 6.0 and 6.5 to vCenter Server 6.7, a notification message informs you that only the TLS 1.2 protocol is enabled. If you need to use the TLS 1.0 and TLS 1.1 protocols to support products or services that do not support TLS 1.2, you can use the TLS Configurator Utility to enable or disable the different TLS protocol versions. You can disable TLS 1.0, or you can disable both TLS 1.0 and TLS 1.1.

When upgrading a Platform Services Controller instance that manages one or more vCenter Server 6.0 or 6.0U1 instances which rely on the older protocols, TLS 1.0 and TLS 1.1 remain enabled to avoid a loss of connectivity. After the upgrade or migration to vCenter Server 6.7 is complete, run the TLS Configurator Utility on each Platform Services Controller node to disable the less secure TLS 1.0 and TLS 1.1 protocols, and use the TLS 1.2 protocol.

For a list of VMware products that support disabling TLS 1.0 and TLS 1.1, see VMware Knowledge Base article 2145796. To learn how to manage TLS protocol configuration, and use the TLS Configurator Utility, see the VMware Security documentation.