Enabling and disabling SSLv3 in NSX Edge Load Balancer version 6.1.4 and later


Article ID: 336551


Products

VMware NSX

Issue/Introduction

This article provides information about enabling and disabling SSLv3 in NSX Edge Load Balancer. In VMware NSX for vSphere 6.1.4 and later, SSLv3 is disabled by default in NSX Edge Load Balancer as a measure to help address the SSLv3/POODLE vulnerability in NSX. For more information, see VMware Products and CVE-2014-3556 (POODLE) (2092133).



Environment

VMware NSX for vSphere 6.1.x

Resolution

Note: NSX 6.1.4 includes updates that address the POODLE vulnerability in NSX components not covered in this article. VMware strongly recommends upgrading to NSX 6.1.4 or later. For more information, see the NSX 6.1.4 Release Notes.

Enable SSLv3 Support on NSX Edge Load Balancer

On NSX 6.1.4 and later, SSLv3 support is disabled by default in NSX Edge Load Balancer. To enable SSLv3 support in NSX Edge Load Balancer, use the NSX Manager UI to add an application rule containing the script sslv3 enable, and associate it with a virtual server configured with the https protocol.
 
First, add an application rule containing the sslv3 enable script as shown here:
 
 
 
Next, associate the application rule with a virtual server:
 
 
After you save the rule and its association, it is visible in the Virtual Server Details pane, as shown below. SSLv3 support is now enabled for HTTPS connections to this virtual server.
 
 

Disable SSLv3 Support on NSX Edge Load Balancer

By default, SSLv3 support is disabled in NSX Edge Load Balancer. If SSLv3 support has been enabled on your NSX Edge Load Balancer, and you wish to disable it again, use the NSX Manager UI to remove the virtual server's application rule containing the script sslv3 enable.
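
To confirm from the network side whether a virtual server actually negotiates SSLv3 after the application rule is added or removed, a hand-built SSLv3 ClientHello can be sent and the first reply record inspected. This is an added example, not part of the original article or any VMware tooling; the function names, the cipher suite list and the verdict strings are assumptions chosen for illustration.

```python
import os
import socket
import struct
import sys

SSL3 = b"\x03\x00"  # protocol version 3.0 on the wire
# Assumed offer: RSA suites with AES-256/AES-128/3DES/RC4, common on SSLv3 stacks.
CIPHERS = (0x0035, 0x002F, 0x000A, 0x0005, 0x0004)

def build_client_hello():
    """Return one SSLv3 record holding a ClientHello (SSLv3 has no extensions)."""
    suites = b"".join(struct.pack("!H", c) for c in CIPHERS)
    body = (SSL3 + os.urandom(32)          # client_version, random
            + b"\x00"                      # empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                 # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify_response(data):
    """Map the first bytes of the server's reply to an SSLv3 verdict."""
    if len(data) < 5:
        return "no-reply"      # no record before close, reset or timeout
    if data[0] == 0x15:
        return "rejected"      # alert record: handshake refused
    if data[0] == 0x16 and data[5:6] == b"\x02" and data[9:11] == SSL3:
        return "accepted"      # ServerHello that selected version 3.0
    return "unexpected"

def probe(host, port=443, timeout=5.0):
    """Send the ClientHello to host:port and classify what comes back."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            while len(data) < 11:          # record header + start of ServerHello
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except (ConnectionResetError, socket.timeout):
            pass
    return classify_response(data)

if __name__ == "__main__":
    # Usage: python3 check_sslv3.py <virtual-server-address> [port]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(sys.argv[1], target_port, probe(sys.argv[1], target_port))
```

A result of "accepted" means the virtual server completed the SSLv3 version negotiation; "rejected" or "no-reply" is the expected outcome when the sslv3 enable rule is not attached.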