Cannot access LB HTTPS service through TLSv1 after NSX upgrade
search cancel

Cannot access LB HTTPS service through TLSv1 after NSX upgrade

book

Article ID: 309104

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:

After upgrading the NSX Edge from 6.2.2 to 6.2.3 and later, these symptoms can be seen:

  • Clients connectivity fails
  • Automation scripts fails with an error similar to:

    SSL_connect SYSCALL returned=5.



Environment

VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.2.x

Cause

This issue occurs because TLSv1 is disabled by default in NSX for vSphere 6.2.3 and later.

Resolution

This is by design.

Starting with NSX for vSphere 6.2.3 and later versions, TLSv1 has been disabled by default as part of NSX for vSphere security enhancements.

To enable TLSv1, it is needed to add an application rule enable tlsv1 and associate it with virtual server manually after upgrading.