This article describes the steps to add support for CBC ciphers in SDDC Manager.
If the client uses the Windows ciphers, calls to the VCF public API can fail with an error similar to the following:
The request was aborted: Could not create SSL/TLS secure channel.
CBC ciphers were removed in VCF 4.2 to keep up with the latest security guidelines.
Below are the steps to add and support CBC ciphers in nginx.conf on the SDDC Manager appliance.
1. SSH to SDDC Manager.
2. Log in to the root account of SDDC Manager by running su -
3. Run the shell script below:
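#!/bin/bash
set -e
# The script edits nginx.conf and reloads nginx, so it must run as root
if [ "$EUID" -ne 0 ]
then echo "Please run as root"
exit 1
fi
echo "Enabling RSA CBC ciphers for HTTPS connections"
# Keep a backup of the current configuration
cp -p /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
# Rewrite the ssl_ciphers directive; the last two suites in the list are the CBC ones
sed -i "s/ssl_ciphers.*/ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256';/" /etc/nginx/nginx.conf
# Check the edited configuration before reloading; set -e stops the script if it is invalid
nginx -t
echo "Reloading required services"
systemctl reload nginx
echo "Success"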
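To confirm which suites the change enabled, the following added example (not part of the original article or the vendor's script) classifies each suite in an ssl_ciphers directive as AEAD or CBC. The function names and the sample file are constructed for illustration, and the classification by suite name is an assumption based on OpenSSL naming; on the appliance, pass /etc/nginx/nginx.conf instead of the sample.

```shell
#!/bin/bash
# Added example: audit the suites listed in an nginx ssl_ciphers directive.
# Assumption: OpenSSL-style names. Names containing GCM, CCM or CHACHA20 are
# AEAD, RC4/NULL are reported as "other", everything else is treated as CBC.

# Print the colon-separated list from the first active ssl_ciphers line.
# Commented-out directives are skipped because the match is anchored.
get_cipher_list() {
    sed -n "s/^[[:space:]]*ssl_ciphers[[:space:]]\{1,\}['\"]\{0,1\}\([^'\";]*\)['\"]\{0,1\}[[:space:]]*;.*/\1/p" "$1" | head -n 1
}

# Print one "<mode> <suite>" line per configured suite.
classify_ciphers() {
    get_cipher_list "$1" | tr ':' '\n' | while IFS= read -r suite; do
        [ -n "$suite" ] || continue
        case "$suite" in
            *GCM*|*CCM*|*CHACHA20*) echo "aead $suite" ;;
            *RC4*|*NULL*)           echo "other $suite" ;;
            *)                      echo "cbc $suite" ;;
        esac
    done
}

# Print only the CBC suites, one per line (empty output means none enabled).
list_cbc_ciphers() {
    classify_ciphers "$1" | sed -n 's/^cbc //p'
}

# Constructed sample file holding the ssl_ciphers line the script above writes.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
http {
    # ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384';
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256';
}
EOF

classify_ciphers "$SAMPLE_CONF"
```

Running list_cbc_ciphers against /etc/nginx/nginx.conf.bak as well shows whether the backup taken by the script was free of CBC suites before the change.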