vSphere enables only TLS by default. TLS 1.0 and TLS 1.1 are disabled by default. Whether you do a fresh install, upgrade, or migration, vSphere disables TLS 1.0 and TLS 1.1. You can use the TLS Configurator utility to enable older versions of the protocol temporarily on vSphere systems. You can then disable the older less secure versions after all connections use TLS 1.2.

Before you perform a reconfiguration, consider your environment. Depending on your environmental requirements and software versions, you might need to re-enable TLS 1.0 and TLS 1.1, in addition to TLS 1.2, to maintain interoperability. For VMware products, see the VMware Knowledge Base article at https://kb.vmware.com/s/article/2145796 for a list of VMware products that support TLS 1.2. For third-party integration, consult your vendor's documentation. The TLS Configurator utility works with vSphere 7.0 and prior releases, including 6.7, 6.5, and 6.0.