vRealize Operations Manager disables SSLv3, TLS 1.0, and TLS 1.1 by default. You must disable weak protocols on all load balancers before you put the system into production.
Procedure
- Verify that the protocols are enabled by running the following commands on each node:
  1. # grep inter_cluster.supported_protocols /storage/vcops/user/conf/ssl/secure-communications.properties
  2. # grep default.supported_protocols /storage/vcops/user/conf/ssl/secure-communications.properties
  If the result of command 1 is blank, the inter_cluster properties are not specified directly and the default values are used, which you can obtain with command 2.
- Re-enable TLS 1.0 and TLS 1.1.
- Navigate to the administrator user interface to bring the cluster offline: url/admin.
- Click Bring Offline.
- To ensure that TLS 1.0 and TLS 1.1 are enabled, run the following commands:
  If the result of command 1 is blank, use the following command:
  sed -i "/^[^#]*default.supported_protocols/ c\default.supported_protocols = TLSv1.2 TLSv1.1 TLSv1" /storage/vcops/user/conf/ssl/secure-communications.properties
  If the result of command 1 is not blank, use the following command:
  sed -i "/^[^#]*inter_cluster.supported_protocols/ c\inter_cluster.supported_protocols = TLSv1.2 TLSv1.1 TLSv1" /storage/vcops/user/conf/ssl/secure-communications.properties
  Repeat this step for each node.
- Navigate to the administrator user interface to bring the cluster online.
- Click Bring Online.
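The verification step above can be scripted so that each node reports the protocol list it actually uses. The following is an added example, not part of the product documentation: it applies the fallback from inter_cluster.supported_protocols to default.supported_protocols and, unlike a plain grep, skips commented lines in the same way as the `^[^#]*` pattern in the sed commands. The function names and the sample files are constructed for illustration, and treating the last uncommented definition of a key as the effective one is an assumption.

```shell
#!/bin/sh
# Added example: resolve the protocol list used for inter-cluster traffic.

# Print the value of an uncommented "KEY = value" line, or nothing.
prop_value() {   # $1 = key, $2 = properties file
    awk -v key="$1" '
        /^[ \t]*#/ { next }                    # skip commented lines
        {
            pos = index($0, "="); if (pos == 0) next
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) found = v            # assumption: last definition wins
        }
        END { if (found != "") print found }
    ' "$2"
}

# Command 1 first; if it yields nothing, fall back to command 2.
effective_protocols() {   # $1 = properties file
    v=$(prop_value inter_cluster.supported_protocols "$1")
    [ -n "$v" ] || v=$(prop_value default.supported_protocols "$1")
    printf '%s\n' "$v"
}

# Return 0 if TLSv1 or TLSv1.1 is in the effective list.
legacy_tls_enabled() {
    for p in $(effective_protocols "$1"); do
        case "$p" in TLSv1|TLSv1.1) return 0 ;; esac
    done
    return 1
}

# Constructed sample files (not taken from a real node).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
cat > "$SAMPLES/default_only.properties" <<'EOF'
# inter_cluster.supported_protocols = TLSv1.2 TLSv1.1 TLSv1
default.supported_protocols = TLSv1.2
EOF
cat > "$SAMPLES/legacy.properties" <<'EOF'
default.supported_protocols = TLSv1.2
inter_cluster.supported_protocols = TLSv1.2 TLSv1.1 TLSv1
EOF

for f in "$SAMPLES"/*.properties; do
    if legacy_tls_enabled "$f"; then state="legacy TLS enabled"; else state="no legacy TLS"; fi
    printf '%s: %s (%s)\n' "${f##*/}" "$(effective_protocols "$f")" "$state"
done
```

On a node, call `effective_protocols /storage/vcops/user/conf/ssl/secure-communications.properties` to record the setting before and after the change.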