Disabling TLS versions is a multi-phase process. Disabling TLS versions in the right order ensures that your environment stays up and running during the process.

  1. If your environment includes vSphere Update Manager on Windows, and vSphere Update Manager is on a separate system, disable protocols explicitly by editing configuration files. See Enable or Disable TLS Versions on vSphere Update Manager on Windows.

    vSphere Update Manager on the vCenter Server Appliance is always included with the vCenter Server system and the script updates the corresponding port.

  2. Run the utility on vCenter Server.
  3. Run the utility on each ESXi host that is managed by the vCenter Server. You can perform this task for each host or for all hosts in a cluster.
  4. If your environment uses one or more Platform Services Controller instances, run the utility on each instance.


You have two choices for using TLS in your environment.
  • Disable TLS 1.0, and enable TLS 1.1 and TLS 1.2.
  • Disable TLS 1.0 and TLS 1.1, and enable TLS 1.2.