If you disable a version of TLS for Update Manager Port 8084 and you encounter problems, you can reenable the version. The process is different for port 9087.

Reenabling an earlier version of TLS has security implications.

Procedure

  1. Stop the vSphere Update Manager service.
  2. Navigate to the Update Manager installation directory, which is different for 6.0 and 6.5 and later.
    Version Location
    vSphere 6.0 C:\Program Files (x86)\VMware\Infrastructure\Update Manager
    vSphere 6.5 and later C:\Program Files\VMware\Infrastructure\Update Manager
  3. Make a backup of the vci-integrity.xml file and open the file.
  4. Edit the <protocols> tag. 
     <vmacore>
	<ssl>
       <handshakeTimeoutMs>120000</handshakeTimeoutMS>
       <protocols>protocols_value</protocols>
	</ssl>
</vmacore>
  5. Depending on the TLS version that you want to enable, use one of the following values in the <protocols> tag.
    TLS Versions to Enable Use...
    All tls1.0,tls1.1,tls1.2.
    Only TLSv1.1 and TLSv.1.2 tls.1.1,tls1.2.
    Only TLSv1.2 tls1.2, or do not include a protocols tag. Because the default is TLS 1.2, no protocols tag is present to start with in vmacore.
  6. Save the vci-integrity.xml file.
  7. Restart the vSphere Update Manager service.