Disabling weak ciphers in vSphere Replication or Site Recovery Manager appliance

Article ID: 312796

Updated On:

Products

VMware Live Recovery

Issue/Introduction


This article describes the steps to disable any weak ciphers in vSphere Replication and Site Recovery Manager 8.4 or higher.

Symptoms:

A security tool reports that vSphere Replication and Site Recovery Manager 8.4 or higher use weak ciphers.

Environment

VMware Site Recovery Manager 8.4.x
VMware Site Recovery Manager 8.5.x
VMware vSphere Replication 8.x
VMware vSphere Replication 8.5.x

Resolution


Currently, there is no resolution.

Workaround:

To work around this issue, follow the steps below:
  1. Log in to the vSphere Replication or Site Recovery Manager appliance.
  2. Edit /opt/vmware/envoy/conf/envoy-proxy.yaml. Find the following entry and remove the unwanted ciphers:
    cipher_suites: "ECDHE+AESGCM:RSA+AESGCM:ECDHE+AES:RSA+AES"
    Note: There are two entries, one for port 5480 and one for port 443.
  3. Restart the envoy-proxy service: systemctl restart envoy-proxy.service
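
The edit in step 2 can be scripted so that both cipher_suites entries are changed identically; the following is an added example, not part of the original article or VMware tooling. It removes tokens by exact match, because a plain substring replace of RSA+AES would also mangle RSA+AESGCM. Assumptions: the function names and the sample file are constructed, and RSA+AESGCM and RSA+AES stand in for whatever your scanner flagged.

```bash
#!/usr/bin/env bash
# Added example (not VMware code). Work on a copy of envoy-proxy.yaml first.

# strip_ciphers FILE TOKEN...
# Removes each TOKEN from every cipher_suites entry in FILE, keeps FILE.bak,
# and refuses to write an entry that would end up empty.
strip_ciphers() {
    local file=$1 drop; shift
    drop=$(IFS=:; echo "$*")
    awk -v drop="$drop" '
        BEGIN { n = split(drop, d, ":"); for (i = 1; i <= n; i++) rm[d[i]] = 1 }
        /^[ \t]*cipher_suites:/ && match($0, /"[^"]*"/) {
            m = split(substr($0, RSTART + 1, RLENGTH - 2), c, ":"); out = ""
            for (i = 1; i <= m; i++)
                if (!(c[i] in rm)) out = out (out == "" ? "" : ":") c[i]
            if (out == "") { print "empty cipher list, aborting" > "/dev/stderr"; exit 1 }
            $0 = substr($0, 1, RSTART) out substr($0, RSTART + RLENGTH - 1)
        }
        { print }
    ' "$file" > "$file.new" || { rm -f "$file.new"; return 1; }
    # Overwrite in place so ownership and mode of the original are kept.
    cp -p "$file" "$file.bak" && cat "$file.new" > "$file" && rm -f "$file.new"
}

# cipher_entries FILE : prints the cipher_suites values, one per entry.
# The article expects two (the entries for ports 5480 and 443).
cipher_entries() {
    sed -n 's/^[[:space:]]*cipher_suites:[[:space:]]*"\(.*\)".*/\1/p' "$1"
}

# Constructed sample that mirrors the two entries the article mentions.
demo() {
    local f; f=$(mktemp)
    printf '%s\n' '# port 5480 entry (constructed)' \
        '  cipher_suites: "ECDHE+AESGCM:RSA+AESGCM:ECDHE+AES:RSA+AES"' \
        '# port 443 entry (constructed)' \
        '  cipher_suites: "ECDHE+AESGCM:RSA+AESGCM:ECDHE+AES:RSA+AES"' > "$f"
    # Assumption: the scanner flagged the two RSA groups.
    strip_ciphers "$f" 'RSA+AESGCM' 'RSA+AES' && cipher_entries "$f"
    rm -f "$f" "$f.bak"
}
demo
```

Check that cipher_entries prints two identical lines before restarting envoy-proxy, then rerun the security tool against ports 5480 and 443 to confirm the finding is gone.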