TLS v1.1 disabled by default from NSX 4.1.1
Article ID: 324163
Updated On:
Products
VMware NSX
Issue/Introduction
Due to security concerns many web browsers have already deprecated support for TLS v1.1.
Starting from release NSX 4.1.1, TLS v1.1 is disabled by default on the Manager cluster.
Prior to this release, TLS v1.1 was enabled by default but could be disabled if required.
Starting from release NSX 4.1.1, TLS v1.1 is disabled by default on the Manager cluster.
Prior to this release, TLS v1.1 was enabled by default but could be disabled if required.
Environment
VMware NSX-T
Resolution
If required TLS v1.1 can enabled by API call.
1. Run the following GET API to read the configuration of the NSX API service:
GET https://<NSX-Manager-IP>/api/v1/cluster/api-service
The API response contains the list of cipher suites and TLS protocols.
2. Enable the TLS 1.1 protocol.
Set TLSv1.1 to enabled = true
Run the following PUT API to send the changes to the NSX API server:
PUT https://<NSX-Manager-IP>/api/v1/cluster/api-service
3. Enable or disable the cipher suites.
Set one or more cipher names to enabled = false or enabled = true depending on your requirement.
Run the following PUT API to send the changes to the NSX API server:
PUT https://<NSX-Manager-IP>/api/v1/cluster/api-service
1. Run the following GET API to read the configuration of the NSX API service:
GET https://<NSX-Manager-IP>/api/v1/cluster/api-service
The API response contains the list of cipher suites and TLS protocols.
2. Enable the TLS 1.1 protocol.
Set TLSv1.1 to enabled = true
Run the following PUT API to send the changes to the NSX API server:
PUT https://<NSX-Manager-IP>/api/v1/cluster/api-service
3. Enable or disable the cipher suites.
Set one or more cipher names to enabled = false or enabled = true depending on your requirement.
Run the following PUT API to send the changes to the NSX API server:
PUT https://<NSX-Manager-IP>/api/v1/cluster/api-service
Feedback
Yes
No
Powered by
