TLS v1.1 disabled by default from NSX 4.1.1

Article ID: 324163

Products

VMware NSX

Issue/Introduction

Due to security concerns, many web browsers have already deprecated support for TLS v1.1.
Starting with release NSX 4.1.1, TLS v1.1 is disabled by default on the Manager cluster.
Prior to this release, TLS v1.1 was enabled by default but could be disabled if required.

Environment

VMware NSX-T

Resolution

If required, TLS v1.1 can be enabled with an API call.

1. Run the following GET API to read the configuration of the NSX API service:
   GET https://<NSX-Manager-IP>/api/v1/cluster/api-service
   The API response contains the list of cipher suites and TLS protocols.

2. Enable the TLS 1.1 protocol.
   Set TLSv1.1 to enabled = true
   Run the following PUT API to send the changes to the NSX API server:
   PUT https://<NSX-Manager-IP>/api/v1/cluster/api-service

3. Enable or disable the cipher suites.
   Set one or more cipher names to enabled = false or enabled = true depending on your requirement.
   Run the following PUT API to send the changes to the NSX API server:
   PUT https://<NSX-Manager-IP>/api/v1/cluster/api-service
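
The read-modify-write in steps 1 to 3, as an added Python example (not VMware's code): it edits a copy of the GET response so that every other field, including the revision, goes back unchanged in the PUT body, and it rejects a protocol or cipher name that is not in the response. The field names protocol_versions, cipher_suites and _revision and the sample response are assumptions; check them against your own GET output.

```python
import copy
import json

# Constructed sample of a GET /api/v1/cluster/api-service response.
# Field names (protocol_versions, cipher_suites, _revision) are assumptions;
# compare them with what your NSX Manager actually returns.
SAMPLE_RESPONSE = {
    "protocol_versions": [
        {"name": "TLSv1.1", "enabled": False},
        {"name": "TLSv1.2", "enabled": True},
    ],
    "cipher_suites": [
        {"name": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "enabled": True},
        {"name": "TLS_RSA_WITH_AES_128_CBC_SHA", "enabled": True},
    ],
    "session_timeout": 1800,
    "_revision": 4,
}


def _apply(entries, changes, kind):
    """Set 'enabled' on named entries; fail loudly on an unknown name."""
    known = {e["name"]: e for e in entries}
    for name, enabled in changes.items():
        if name not in known:
            raise KeyError(f"{kind} {name!r} is not in the GET response")
        known[name]["enabled"] = bool(enabled)


def build_put_body(current, protocols=None, ciphers=None):
    """Return a modified copy of the GET response to send back with PUT."""
    body = copy.deepcopy(current)  # keep every other field, incl. _revision
    _apply(body["protocol_versions"], protocols or {}, "protocol")
    _apply(body["cipher_suites"], ciphers or {}, "cipher suite")
    if not any(p["enabled"] for p in body["protocol_versions"]):
        raise ValueError("refusing to disable every TLS protocol")
    return body


def enabled_names(config, key):
    """List names enabled under 'protocol_versions' or 'cipher_suites'."""
    return [e["name"] for e in config[key] if e["enabled"]]


if __name__ == "__main__":
    body = build_put_body(SAMPLE_RESPONSE, protocols={"TLSv1.1": True},
                          ciphers={"TLS_RSA_WITH_AES_128_CBC_SHA": False})
    print(json.dumps(body, indent=2))
```

Running enabled_names on a fresh GET response after the PUT confirms which protocols and cipher suites the API service now accepts.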