Starting with vSphere 6.7, only TLS 1.2 is enabled by default. TLS 1.0 and TLS 1.1 are disabled by default. Whether you do a fresh install, upgrade, or migration, vSphere 6.7 disables TLS 1.0 and TLS 1.1. You can use the TLS Configurator utility to enable older versions of the protocol temporarily on vSphere 6.7 systems. You can then disable the older less secure versions after all connections use TLS 1.2.

Note: Starting with vSphere 6.7, the TLS Configurator utility is included in the product. You no longer download it separately.

Before you perform a reconfiguration, consider your environment. Depending on your environmental requirements and software versions, you might need to re-enable TLS 1.0 and TLS 1.1, in addition to TLS 1.2, to maintain interoperability. For VMware products, consult VMware Knowledge Base article 2145796 for a list of VMware products that support TLS 1.2. For third-party integration, consult your vendor's documentation.