PowerCLI logo

It is a best practice to disable deprecated, unused and unsafe protocols. Examples of these are RFC 8996 for TLSv1.0 and TLSv1.1 as well as RFC7568 for SSLv3

In this article it is shown how to automate this through PowerCLI

VMware has published how to do this. However, they have not shown how to do this through PowerCLI.

Attached some lines of code on how to do this… Once connected to vCenter Server using PowerCLI, run the following commands

To query : $DisabledProtocolsPre = get-vmhost | Get-AdvancedSetting -Name UserVars.ESXiVPsDisabledProtocols

To configure : $DisabledProtocolsPost = get-vmhost | Get-AdvancedSetting -Name UserVars.ESXiVPsDisabledProtocols | Set-AdvancedSetting -Value “tlsv1,tlsv1.1,sslv3” -Confirm:$false

Important: after configuration is successful, a restart of the ESXi host is required.

Also, William Lam created functions on GitHub to allow this. Select what you prefer!