To disable SSLv3 on ESXi 6.0
search cancel

To disable SSLv3 on ESXi 6.0

book

Article ID: 323595

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

After upgrading from ESXi 5.5 with SSLv3 protocol enabled by configuration is retained on ESXi 6.0 (60P02 onwards). You can disable SSLv3 on ESXi 6.x after an upgrading from ESXi 5.5.X.


Resolution

Steps to disable SSLv3 on ESXi 6.0 Update 2 & Update 3

Hostd – Port 443

  1. Login to ESXi using putty.exe.
  2. Run the following command to disable SSLv3 protocol:
    esxcli system settings advanced set -o /UserVars/ESXiRhttpproxyDisabledProtocols -s "sslv3"
  3. Restart the /etc/init.d/rhttpproxy service.

Authd – Port 902

  1. Login to ESXi using putty.exe.
  2. Run the following command to disable SSLv3 protocol:
    esxcli system settings advanced set -o /UserVars/VMAuthdDisabledProtocols -s "sslv3"

CIM – Port 5989

  1. Login to ESXi using putty.exe.
  2. Disable SSLv3 protocol by appending below line in /etc/sfcb/sfcb.cfg:
    enableSSLv3: false
  3. Restart the /etc/init.d/sfcbd-watchdog service.

Virtual SAN VP – Port 8080

  1. Login to ESXi using putty.exe.
  2. Run the following command to disable SSLv3 protocol:
    esxcli system settings advanced set -o /UserVars/ESXiVPsDisabledProtocols -s "sslv3"
  3. Restart the /etc/init.d/vsanvpd service.

IOFilter – Port 9080

  1. Login to ESXi using putty.exe.
  2. Run the following command to disable SSLv3 protocol:
    esxcli system settings advanced set -o /UserVars/ESXiVPsDisabledProtocols -s "sslv3"
  3. Restart the /etc/init.d/iofiltervpd service.
.

Additional Information

Configuring SSLv3 protocol on vSphere 5.5
Enabling support for SSLv3 in ESXi

Powered by Wolken Software