List of default ciphers supported by Content Library and backward compatibility

Article ID: 315216

Products

VMware vSphere ESXi

Issue/Introduction

This article provides the list of default ciphers supported by Content Library and additional ciphers that can be supported for backward compatibility.
Note: The SSL handshake with the target might fail if the target does not support at least one of the default cipher suites supported by Content Library.

Environment

VMware vSphere 6.7.x
VMware vSphere 7.0.x

Resolution

Default cipher suites supported by Content Library:

"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_CBC_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA"

Overriding Cipher suites

You can override the list of cipher suites by choosing from the default list as follows:
  1. SSH to the vCenter Server.
  2. Open the /etc/vmware-content-library/vdc.properties file.
  3. Add the property tls.cipher.suites with a comma-separated list of the cipher suites to enable, chosen from the default list.
For example:
tls.cipher.suites = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256
  4. Save the file.
  5. Restart Content Library:
service-control --restart vmware-content-library
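
A pre-restart check for the override procedure above, added here as an example and not part of the original article or of VMware's tooling: it reports every tls.cipher.suites entry that is not in the default list. The function name check_suites is hypothetical, and the script assumes the file follows standard .properties rules (the last assignment of a key wins, whitespace around commas is ignored).

```shell
#!/bin/bash
# Default Content Library cipher suites, copied from the list in this article.
DEFAULT_SUITES='
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
'

# check_suites FILE (hypothetical helper): print each tls.cipher.suites entry
# that is not in the default list. Returns 0 if every entry is valid,
# 1 if any entry is unknown, 2 if the property is absent or empty.
check_suites() {
    local file=$1 value entry rc=0
    # Assumption: as in a Java .properties file, the last assignment wins.
    value=$(sed -n 's/^[[:space:]]*tls\.cipher\.suites[[:space:]]*[=:][[:space:]]*//p' "$file" | tail -n 1)
    [ -n "$value" ] || return 2
    # Turn commas into spaces so word splitting yields one suite name per entry.
    for entry in $(printf '%s' "$value" | tr ',' ' '); do
        # -x -F: whole-line, literal match, so a truncated name does not pass.
        if ! printf '%s\n' "$DEFAULT_SUITES" | grep -qxF -- "$entry"; then
            echo "not in default list: $entry"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample file: one valid suite and one truncated suite name.
sample=$(mktemp)
printf '%s\n' 'tls.cipher.suites = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA38' > "$sample"
check_suites "$sample" || echo "fix the entries above before restarting vmware-content-library"
rm -f "$sample"
```

On the vCenter Server, run check_suites /etc/vmware-content-library/vdc.properties after saving the file and before restarting the service.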