Diffie-Hellman key exchange has weaknesses. You must disable all cipher suites that contain DH, DHE, and EDH. These cipher suites are disabled by default. These can be enabled if you need to use them.


  1. Open the /usr/lib/vmware-vcopssuite/utilities/conf/vcops-apache.conf file.
  2. Find the line SSLCipherSuite HIGH:!aNULL!ADH:!EXP:!MD5:!3DES:!CAMELLIA:!PSK:!SRP:!DH:@STRENGTH.
  3. Remove !DH: so that the line reads SSLCipherSuite HIGH:!aNULL!ADH:!EXP:!MD5:!3DES:!CAMELLIA:!PSK:!SRP:@STRENGTH.
  4. Save and close the file.