Disabling TLS versions is a multi-phase process. Disabling TLS versions in the right order ensures that your environment stays up and running during the process.

vSphere Lifecycle Manager is always included with the vCenter Server system and the script updates the corresponding port.

  1. Run the TLS Configurator utility on vCenter Server.
  2. Run the TLS Configurator utility on each ESXi host that is managed by the vCenter Server. You can perform this task for each host or for all hosts in a cluster.


You have two choices for using TLS in your environment.
  • Disable TLS 1.0, and enable TLS 1.1 and TLS 1.2.
  • Disable TLS 1.0 and TLS 1.1, and enable TLS 1.2.