
It is a best practice to disable deprecated, unused and unsafe protocols. Examples are TLSv1.0 and TLSv1.1, deprecated by RFC 8996, and SSLv3, deprecated by RFC 7568.

This article shows how to automate this on ESXi hosts through PowerCLI.

VMware has published how to do this. However, they have not shown how to do this through PowerCLI.

Below are a few lines of code that do this. Once connected to vCenter Server using PowerCLI, run the following commands.

To query:

$DisabledProtocolsPre = Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiVPsDisabledProtocols

To configure:

$DisabledProtocolsPost = Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiVPsDisabledProtocols | Set-AdvancedSetting -Value "tlsv1,tlsv1.1,sslv3" -Confirm:$false

Important: after configuration is successful, a restart of the ESXi host is required.
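The query and configure steps above can be combined into one idempotent pass that changes only the hosts that need it and reports which ones then require a restart. This is an added example, not code from VMware, William Lam or the original post; the function name `Set-EsxiDisabledProtocols` and its `Status` values are illustrative, and it assumes an active `Connect-VIServer` session.

```powershell
# Added example. Assumes an active Connect-VIServer session.
# The function name and Status values are illustrative, not a VMware API.
function Set-EsxiDisabledProtocols {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string[]]$Protocols   = @('tlsv1', 'tlsv1.1', 'sslv3'),
        [string]  $SettingName = 'UserVars.ESXiVPsDisabledProtocols'
    )
    $wanted = @($Protocols | ForEach-Object { $_.Trim().ToLower() })

    foreach ($vmhost in Get-VMHost) {
        $setting = Get-AdvancedSetting -Entity $vmhost -Name $SettingName
        $row = [ordered]@{ Host = $vmhost.Name; Before = $null; After = $null; Status = '' }
        if (-not $setting) {
            $row.Status = 'SettingNotFound'
            [pscustomobject]$row
            continue
        }
        # Normalise the stored comma-separated list before comparing.
        $current = @("$($setting.Value)" -split ',' |
            ForEach-Object { $_.Trim().ToLower() } | Where-Object { $_ })
        $row.Before = $current -join ','
        $missing = @($wanted | Where-Object { $_ -notin $current })
        if ($missing.Count -eq 0) {
            $row.After = $row.Before; $row.Status = 'Compliant'
            [pscustomobject]$row
            continue
        }
        # Keep anything already disabled that is not in the wanted list,
        # so the change never re-enables a protocol.
        $extra = @($current | Where-Object { $_ -notin $wanted })
        $newValue = ($wanted + $extra) -join ','
        $row.After = $newValue
        if ($PSCmdlet.ShouldProcess($vmhost.Name, "Set $SettingName to '$newValue'")) {
            Set-AdvancedSetting -AdvancedSetting $setting -Value $newValue `
                -Confirm:$false -ErrorAction Stop | Out-Null
            $row.Status = 'ChangedRestartRequired'
        } else {
            $row.Status = 'WouldChange'
        }
        [pscustomobject]$row
    }
}

# Dry run first, then apply:
#   Set-EsxiDisabledProtocols -WhatIf | Format-Table -AutoSize
#   Set-EsxiDisabledProtocols | Format-Table -AutoSize
```

Hosts reported as `ChangedRestartRequired` are the ones to schedule for the restart described above.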

Also, William Lam created functions on GitHub to allow this. Select what you prefer!

By DM