vSphere 5.1 Ports and Services
Service | Port | Configuration Steps |
Hostd | 443 | |
Authd | 902 | |
SFCBD | 5989 | |
Single Sign On (SSO) | 7444 | |
Virtual Appliance Management Interface (VAMI) | 5480 | |
Authentication proxy service (CAM) | 51915 | |
Syslog Collector (vmsyslogcollector) | 1514 | |
VMware vSphere Web Client Service (vspherewebclientsvc) | 9443 | |
VirtualCenter Server service (vpxd) | 443 | |
vCenter Inventory Service database (invsvc) | 10109 | |
VMware VirtualCenter Management Webservices | 8443 | |
SPS | 21100 (VCSA), 31100 (Windows) | |
Auto Deploy service port, Auto Deploy management port | | |
Log Browser | 12443 | Log Browser service |
vSphere Update Manager | 8084/9087 | |
Hostd service - Port 443
Enabling SSLv3 Protocol
To enable the SSLv3 protocol on the Hostd service for ESXi 5.1 patch [3872664], released on 05/24/2016, follow these steps:
- Log in to ESXi using putty.exe.
- To enable SSLv3, run the following command:
esxcli system settings advanced set -o /UserVars/ESXiRhttpproxyDisabledProtocols51 -s ""
- Restart the rhttpproxy service by running the following command:
/etc/init.d/rhttpproxy restart
watchdog-rhttpproxy: Terminating watchdog process with PID 6276
rhttpproxy stopped.
rhttpproxy started.
- Run the following command to get a list of disabled protocols for hostd:
esxcli system settings advanced list -o /UserVars/ESXiRhttpproxyDisabledProtocols51
Where:
Path: /UserVars/ESXiRhttpproxyDisabledProtocols51
Type: string
Int Value: 0
Default Int Value: 0
Min Value: 0
Max Value: 0
String Value:
Default String Value:
Valid Characters: *
Disabling SSLv3 Protocol
To disable the SSLv3 protocol, follow these steps:
- Log in to ESXi using putty.exe.
- Run the following command to disable SSLv3:
esxcli system settings advanced set -o /UserVars/ESXiRhttpproxyDisabledProtocols51 -s "SSLv3"
- Restart the rhttpproxy service by running the following command:
/etc/init.d/rhttpproxy restart
watchdog-rhttpproxy: Terminating watchdog process with PID 6276
rhttpproxy stopped.
rhttpproxy started.
- Run the following command to get a list of disabled protocols for hostd:
esxcli system settings advanced list -o /UserVars/ESXiRhttpproxyDisabledProtocols51
Where:
Path: /UserVars/ESXiRhttpproxyDisabledProtocols51
Type: string
Int Value: 0
Default Int Value: 0
Min Value: 0
Max Value: 0
String Value: sslv3
Default String Value:
Valid Characters: *
In the event of unexpected behavior, restore the previously backed-up proxy configuration file to revert the system to the clean state it was in before the change.
HostProfile
Configuration of the Hostd can also be captured through host profile by following these steps:
- Log in to VC with vSphere Web Client.
- Right click the target host and click Extract Host Profile to create a new hostprofile.
- After the hostprofile is created, navigate to Home > Host Profiles > your_host_profile to edit it.
- In the Edit Host Profiles tab, you can find the entry for hostd under [Advanced Configuration Settings] > [Advanced Options] > [Advanced Configuration Options] > ESXiRhttpproxyDisabledProtocols51
- The hostd setting is applied through the host profile in the same way as other settings. If the host profile includes the hostd configuration, the difference between the host profile and the target host is displayed, and the host's value is replaced, when you choose the target host to apply the host profile to.
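To confirm on the wire that the setting took effect, the following added example (not part of the original article) builds a ClientHello that offers only SSL 3.0 and classifies the server's first reply. The function names and the sample replies are constructed for this example, and it applies to ports that start TLS immediately on connect, such as 443.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"
# Offer two RSA suites defined for SSLv3-era servers:
# TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) and TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a).
CIPHER_SUITES = b"\x00\x2f\x00\x0a"


def build_sslv3_client_hello(random_bytes=None):
    """Return one record holding a ClientHello whose highest version is SSL 3.0."""
    random_bytes = random_bytes or os.urandom(32)
    body = (
        SSL3                                              # client_version
        + random_bytes                                    # 32-byte random
        + b"\x00"                                         # empty session id
        + struct.pack("!H", len(CIPHER_SUITES)) + CIPHER_SUITES
        + b"\x01\x00"                                     # null compression only
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake


def classify_reply(data):
    """Map the server's first bytes to 'accepted', 'refused' or 'inconclusive'."""
    if not data:
        return "refused"                   # connection closed without a reply
    if len(data) >= 7 and data[0] == 0x15:
        return "refused"                   # alert record (e.g. handshake_failure)
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02:
        # ServerHello: the chosen version follows the 4-byte handshake header
        return "accepted" if data[9:11] == SSL3 else "inconclusive"
    return "inconclusive"                  # plaintext banner or truncated read


def probe(host, port, timeout=5.0):
    """Send the hello to host:port and classify what comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_sslv3_client_hello())
            return classify_reply(sock.recv(4096))
    except ConnectionResetError:
        return "refused"
    except socket.timeout:
        return "inconclusive"


# Constructed replies used to exercise the classifier offline.
SAMPLE_ALERT = b"\x15\x03\x00\x00\x02\x02\x28"            # fatal handshake_failure
SAMPLE_SERVER_HELLO = b"\x16\x03\x00\x00\x2a\x02\x00\x00\x26\x03\x00" + bytes(36)
SAMPLE_BANNER = b"220 service ready\r\n"

if __name__ == "__main__":
    for name, reply in [("alert", SAMPLE_ALERT), ("server hello", SAMPLE_SERVER_HELLO),
                        ("banner", SAMPLE_BANNER), ("closed", b"")]:
        print(f"{name:13s} -> {classify_reply(reply)}")
```

A result of "accepted" after the disable procedure means the service was not restarted or the option did not apply; "inconclusive" on a port that sends a plaintext banner first needs a protocol-aware check instead.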
Authd - Port 902
Enabling SSLv3 Protocol
To enable the SSLv3 protocol on the Authd service for ESXi 5.1 patch [3872664], released on 05/24/2016, follow these steps:
- Log in to ESXi using putty.exe.
- To enable SSLv3, run the following command:
esxcli system settings advanced set -o /UserVars/VMAuthdDisabledProtocols51 -s ""
- Run the following command to get a list of disabled protocols for authd:
esxcli system settings advanced list -o /UserVars/VMAuthdDisabledProtocols51
Where:
Path: /UserVars/VMAuthdDisabledProtocols51
Type: string
Int Value: 0
Default Int Value: 0
Min Value: 0
Max Value: 0
String Value:
Default String Value:
Valid Characters: *
Disabling SSLv3 Protocol
To disable the SSLv3 protocol, follow these steps:
- Log in to ESXi using putty.exe.
- To disable SSLv3, run the following command:
esxcli system settings advanced set -o /UserVars/VMAuthdDisabledProtocols51 -s "SSLv3"
- Run the following command to get a list of disabled protocols for authd:
esxcli system settings advanced list -o /UserVars/VMAuthdDisabledProtocols51
Where:
Path: /UserVars/VMAuthdDisabledProtocols51
Type: string
Int Value: 0
Default Int Value: 0
Min Value: 0
Max Value: 0
String Value: sslv3
Default String Value:
Valid Characters: *
In the event of unexpected behavior, restore the previously backed-up proxy configuration file to revert the system to the clean state it was in before the change.
HostProfile
Configuration of the Authd can also be captured through host profile by following these steps:
- Log in to VC with vSphere Web Client.
- Right click the target host and click Extract Host Profile to create a new hostprofile.
- After the hostprofile is created, navigate to Home > Host Profiles > your_host_profile to edit it.
- In the Edit Host Profiles tab, you can find the entry for authd under [Advanced Configuration Settings] > [Advanced Options] > [Advanced Configuration Options] > VMAuthdDisabledProtocols51.
- The authd setting is applied through the host profile in the same way as other settings. If the host profile includes the authd configuration, the difference between the host profile and the target host is displayed, and the host's value is replaced, when you choose the target host to apply the host profile to.
SFCBD - Port 5989
Enabling SSLv3 Protocol
To enable the SSLv3 protocol on the SFCBD service for ESXi 5.1 patch [3872664], released on 05/24/2016, follow these steps:
- Log in to ESXi using putty.exe.
- Run the following command and edit the file:
vi /etc/sfcb/sfcb.cfg
enableSSLv3: true
- Save the file.
- Restart the service for the configuration to take effect, using the following command:
/etc/init.d/sfcbd-watchdog restart
Disabling SSLv3 Protocol
To disable the SSLv3 protocol on the SFCBD service for ESXi 5.1 Update 3d, follow these steps:
- Log in to ESXi using putty.exe.
- Run the following command to modify the file and to disable SSLv3:
vi /etc/sfcb/sfcb.cfg
- Add new entry similar to the following to disable SSLv3. If the entry exists, set the value to false:
enableSSLv3: false
- Save the file.
- Run the following command to restart the service for configuration to take effect:
/etc/init.d/sfcbd-watchdog restart
/etc/init.d/sfcbd-watchdog status
sfcbd is running.
HostProfile
Configuration for CIM can also be captured by host profile:
- Log in to vCenter Server with C#.
- Right click the target host and click Extract Host Profile to create a new host profile.
- Choose Home > Host Profiles > your host profile to edit it.
- On the Edit Host Profiles tab, select General System Settings > Management Agent Configuration under SFCB Configuration > Settings > enable SSL v3.
- Apply the host profile to stateful or stateless systems.
- Restart the service for the configuration to take effect, using the following command:
/etc/init.d/sfcbd-watchdog restart
Single Sign On - Port 7444
Enabling SSLv3 Protocol
To enable the SSLv3 protocol on the SSO service for vCenter Server 5.1 Update 3d, follow these steps:
- Open the server.xml file.
- Windows default location: C:\Program Files\VMware\Infrastructure\SSOServer\conf\server.xml
- vCenter Server Appliance default location: /usr/lib/vmware-sso/conf/server.xml
- Create a backup copy of the file.
- Edit the file to add the SSLv3 value to the two instances of the sslEnabledProtocols tag, so that each reads:
sslEnabledProtocols="SSLv3,TLSv1"
- Save the file.
- Restart the vmware-sso service.
- For vCenter Server Appliance: Restart the vmware-sso service using the command service vmware-sso restart
- For Windows: Restart the vCenter Single Sign On service from services.msc.
Disabling SSLv3 Protocol
To disable the SSLv3 protocol on the SSO service for vCenter Server 5.1 Update 3d, follow these steps:
- Open the server.xml file.
- Windows default location: C:\Program Files\VMware\Infrastructure\SSOServer\conf\server.xml
- vCenter Server Appliance default location: /usr/lib/vmware-sso/conf/server.xml
- Create a backup copy of the file.
- Edit the file to remove the SSLv3 value from the two instances of the sslEnabledProtocols tag, to disable SSLv3, as follows:
sslEnabledProtocols="TLSv1"
- Save the file.
- Restart the vmware-sso service.
- For vCenter Server Appliance: Restart the vmware-sso service using the command service vmware-sso restart.
- For Windows: Restart the vCenter Single Sign On service from services.msc.
Virtual Appliance Management Interface (VAMI) service - Port 5480
Enabling SSLv3 Protocol
To enable the SSLv3 protocol on the VAMI service for vCenter Server 5.1 Update 3d, follow these steps:
- Go to /opt/vmware/etc/lighttpd/lighttpd.conf file.
- Create a backup copy of the file.
- Search for this line:
ssl.use-sslv3="disable"
- Modify the line to:
ssl.use-sslv3="enable"
- Save the file.
- Restart the VAMI Service with the following command:
service vami-lighttp restart
Disabling SSLv3 Protocol
To disable the SSLv3 protocol on the VAMI service for vCenter Server 5.1 Update 3d, follow these steps:
- Go to /opt/vmware/etc/lighttpd/lighttpd.conf.
- Create a backup copy of the file.
- Search for this line:
ssl.use-sslv3="enable"
- Add the following line to the config file, in case there is no ssl.use-sslv3="enable":
ssl.engine = "enable"
- Modify the line to:
ssl.use-sslv3="disable"
- Save the file.
- Restart the VAMI Service with the following command:
service vami-lighttp restart
Authentication proxy (CAM) service - Port 51915
Enabling SSLv3 Protocol
To enable the SSLv3 protocol on the CAM service for vCenter Server 5.1 Update 3d, follow these steps:
- Open and run the Registry Editor on the server where VMware Authentication Proxy is installed, as an administrator.
- Navigate to this location in the Registry Editor window:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\
- In the navigation tree, right-click Protocols, and select New > Key.
- Enter SSL3.0 as the key name.
- Repeat step 5 to create two SSL3.0 keys. Name the two keys as Server and Client.
- Right-click on the Client key, and select New > DWORD (32-bit) Value.
- Enter DisabledByDefault as the value name.
- Double-click DisabledByDefault, and enter 0 as the data value.
- Click OK.
- Right-click on the Server key, and select New > DWORD (32-bit) Value.
- Enter Enabled as the value name.
- Double-click Enabled, and enter 1 as the data value.
- Click OK
- Restart the server.
Disabling SSLv3 Protocol
To disable the SSLv3 protocol on the CAM service for vCenter Server 5.1 Update 3d, follow these steps:
- Open and run the Registry Editor on the server where VMware Authentication Proxy is installed, as an administrator.
- Navigate to this location in the Registry Editor window:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\
- In the navigation tree, right-click Protocols, and select New > Key.
- Enter SSL3.0 as the key name.
- Create two keys under SSL3.0 key and name them as Server and Client.
- Right-click on the Client key, and select New > DWORD (32-bit) Value.
- Enter DisabledByDefault as the value name.
- Double-click DisabledByDefault, and enter 1 as the data value.
- Click OK.
- Right-click on the Server key, and select New > DWORD (32-bit) Value.
- Enter Enabled as the value name.
- Double-click Enabled, and enter 0 as the data value.
- Click OK
- Restart the server.
Syslog Collector service - Port 1514
Enabling SSLv3 Protocol
To enable the SSLv3 protocol on the Syslog Collector service for vCenter Server 5.1 Update 3d, follow these steps:
- Access the configuration file from the following locations:
- Windows default location: C:\ProgramData\VMware\VMware Syslog Collector\vmconfig-syslog.xml
- vCenter Server Appliance default location: /etc/syslog-ng/stunnel.conf
- Create a backup copy of the file.
- For Windows, edit the file to remove <disableSSLv3></disableSSLv3> node as shown here:
<ssl>
<defaultSSLPath>C:\ProgramData\VMware\vCenterServer\cfg\vmsyslogcollector\ssl</defaultSSLPath>
<privateKey>vmsyslogcollector.key</privateKey>
<certificate>vmsyslogcollector.crt</certificate>
</ssl>
- For VCSA:
Remove options=NO_SSLv3 from the configuration file.
- Save the file and restart.
- Windows: Restart the vmsyslogcollector service.
VCSA: service syslog-collector restart
Disabling SSLv3 Protocol
To disable the SSLv3 protocol on the Syslog Collector service for vCenter Server 5.1 Update 3d, follow these steps:
- Access the configuration file from the following locations:
- Windows default location: C:\ProgramData\VMware\VMware Syslog Collector\vmconfig-syslog.xml
- vCenter Server Appliance default location: /etc/syslog-ng/stunnel.conf
- Create a backup copy of the file.
- For Windows, edit the file to add <disableSSLv3></disableSSLv3> node as shown here:
<ssl>
<defaultSSLPath>C:\ProgramData\VMware\vCenterServer\cfg\vmsyslogcollector\ssl</defaultSSLPath>
<privateKey>vmsyslogcollector.key</privateKey>
<certificate>vmsyslogcollector.crt</certificate>
<disableSSLv3></disableSSLv3>
</ssl>
- For VCSA:
Add new line "options=NO_SSLv3" in the /etc/syslog-ng/stunnel.conf configuration file.
- Save the file and restart.
Windows: Restart the vmsyslogcollector service
VCSA: /etc/init.d/syslog-collector restart
VMware vSphere Web Client Service (vspherewebclientsvc) - Port 9443
Enabling SSLv3 Protocol
To enable the SSLv3 protocol on the vSphere Web Client service for vCenter Server 5.1 Update 3d, follow these steps:
- Open the tomcat-server.xml file:
- Windows default location: C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\config\tomcat-server.xml
- vCenter Server Appliance default location: /usr/lib/vmware-vsphere-client/server/config/tomcat-server.xml
- Create a backup copy of the file.
- Edit the file to add SSLv3 to sslEnabledProtocols list as shown here to enable SSLv3:
<Connector port="9443" protocol="HTTP/1.1" sslEnabledProtocols="SSLv3, TLSv1">
- Save the file.
- Restart the Management webservices.
Windows: Restart VMware management webservices service.
VCSA: Restart VPXD service.
Disabling SSLv3 Protocol
To disable the SSLv3 protocol on the vSphere Web Client service for vCenter Server 5.1 Update 3d, follow these steps:
- Open the tomcat-server.xml file:
- Windows default location: C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\config\tomcat-server.xml
- vCenter Server Appliance default location: /usr/lib/vmware-vsphere-client/server/config/tomcat-server.xml
- Create a backup copy of the file.
- Edit the file to remove SSLv3 from the sslEnabledProtocols list, as shown here, to disable SSLv3:
<Connector port="9443" protocol="HTTP/1.1" sslEnabledProtocols="TLSv1">
- Save the file.
- For Windows, restart the VMware Management webservices.
- For VCSA, restart VPXD.
VMware Virtual Center Server (vpxd) - Port 443
Enabling SSLv3 Protocol
To enable the SSLv3 protocol on the Virtual Center Server service for vCenter Server 5.1 Update 3d, follow these steps:
- Open the vpxd.cfg file:
- Windows default location: C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg
- vCenter Server Appliance default location: /etc/vmware-vpx/vpxd.cfg
- Create a backup copy of the file.
- Edit the file to remove the <sslOptions></sslOptions> element to enable SSLv3:
<vmacore>
<cacheProperties>true</cacheProperties>
<ssl>
<useCompression>true</useCompression>
</ssl>
<threadPool>
<TaskMax>90</TaskMax>
<threadNamePrefix>vpxd</threadNamePrefix>
</threadPool>
</vmacore>
- Save the file.
- Restart the vpxd Service.
- Windows: Restart the VMware VirtualCenter Server service from services.msc.
- vCenter Server Appliance: Run the following command from the command prompt:
/etc/init.d/vmware-vpxd restart
Disabling SSLv3 Protocol
To disable the SSLv3 protocol on the Virtual Center Server service for vCenter Server 5.1 Update 3d, follow these steps:
- Open the vpxd.cfg file:
- Windows default location: C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg
- vCenter Server Appliance default location: /etc/vmware-vpx/vpxd.cfg
- Create a backup copy of the file.
- Edit the file to add <sslOptions>50479104</sslOptions> to disable SSLv3:
<vmacore>
<cacheProperties>true</cacheProperties>
<ssl>
<useCompression>true</useCompression>
<sslOptions>50479104</sslOptions>
</ssl>
<threadPool>
<TaskMax>90</TaskMax>
<threadNamePrefix>vpxd</threadNamePrefix>
</threadPool>
</vmacore>
- Save the file.
- Restart the vpxd Service.
- Windows: Restart the VMware VirtualCenter Server service from services.msc.
- vCenter Server Appliance: Run the following command from the command prompt:
/etc/init.d/vmware-vpxd restart
vCenter Inventory Service database (invsvc) - XDB Port 10109, 10443
Enabling SSLv3 Protocol
To enable the SSLv3 protocol on the invsvc service for vCenter Server 5.1 Update 3d, follow these steps:
- Open the query-server-config.xml file:
- Windows default location: C:\Program Files\VMware\Infrastructure\Inventory Service\lib\server\config\server-confg.xml
- vCenter Server Appliance default location: /usr/lib/vmware-vpx/inventoryservice/lib/server/config/server-config.xml
- Create a backup copy of the file.
- Edit the file to add SSLv3 to enabledProtocols list as shown here to enable SSLv3:
<property name="enabledProtocols" value="SSLv3,TLSv1" />
- Save the file.
- Restart the Inventory Services.
Disabling SSLv3 Protocol
To disable the SSLv3 protocol on the invsvc service for vCenter Server 5.1 Update 3d, follow these steps:
- Open the query-server-config.xml file:
- Windows default location: C:\Program Files\VMware\Infrastructure\Inventory Service\lib\server\config\server-confg.xml
- vCenter Server Appliance default location: /usr/lib/vmware-vpx/inventoryservice/lib/server/config/server-config.xml
- Create a backup copy of the file.
- Edit the file to remove SSLv3 from the enabledProtocols list to disable SSLv3:
<property name="enabledProtocols" value="TLSv1" />
- For VCSA:
Change the corresponding query-server-config.xml and server-config.xml files available in /usr/lib/vmware-vpx/inventoryservice/lib/server/config.
- Save the file.
- Restart the Inventory Service.
VMware Virtual Center Management Webservices - Port 8443
Enabling SSLv3 Protocol
To enable the SSLv3 protocol on Virtual Center Management Webservices for vCenter Server 5.1 Update 3d, follow these steps:
- Open the server.xml file:
- Windows default location: C:\Program Files\VMware\Infrastructure\tomcat\conf\server.xml
- vCenter Server Appliance default location: /usr/lib/vmware-vpx/tomcat/conf/server.xml
- Create a backup copy of the file.
- Edit the file to add SSLv3 to the sslEnabledProtocols list, as shown here, to enable SSLv3:
<property name="enabledProtocols" value="SSLv3,TLSv1"/>
- Save the file.
- For Windows, restart the VMware Management webservices.
- For VCSA, restart VPXD.
Disabling SSLv3 Protocol
To disable the SSLv3 protocol on Virtual Center Management Webservices for vCenter Server 5.1 Update 3d, follow these steps:
- Open the server.xml file:
- Windows default location: C:\Program Files\VMware\Infrastructure\tomcat\conf\server.xml
- vCenter Server Appliance default location: /usr/lib/vmware-vpx/tomcat/conf/server.xml
- Create a backup copy of the file.
- Edit the file to remove SSLv3 from the sslEnabledProtocols list, as shown here, to disable SSLv3:
<property name="enabledProtocols" value="TLSv1"/>
- For VCSA:
Change the value in /usr/lib/vmware-vpx/tomcat/conf/server.xml file.
- Save the file.
- Restart the Management webservices.
Windows: Restart VMware management webservices service.
VCSA: Restart VPXD service.
SPS - Port 21100(VCSA), 31100(Windows)
Enabling SSLv3 Protocol
To enable SSLv3 protocol on SPS for vCenter Server 5.1 Update 3d follow these steps:
- Open the sps-spring-config.xml file:
- Windows default location: C:\Program Files\VMware\Infrastructure\Profile-Driven Storage\conf\sps-spring-config.xml
- vCenter Server Appliance default location: /usr/lib/vmware-vpx/sps/conf/sps-spring-config.xml
- Create a backup copy of the file.
- Edit the file to add the value SSLv3 to the enabledProtocols list, as shown here, to enable SSLv3:
<property name="enabledProtocols" value="SSLv3,TLSv1"/>
- Save the file.
- Restart the SPS service.
Disabling SSLv3 Protocol
To disable SSLv3 protocol on SPS for vCenter Server 5.1 Update 3d follow these steps:
- Open the sps-spring-config.xml file:
- Windows default location: C:\Program Files\VMware\Infrastructure\Profile-Driven Storage\conf\sps-spring-config.xml
- vCenter Server Appliance default location: /usr/lib/vmware-vpx/sps/conf/sps-spring-config.xml
- Create a backup copy of the file.
- To disable SSLv3, remove the string SSLv3 from the enabledProtocols list in sps-spring-config.xml:
Change <property name="enabledProtocols" value="SSLv3,TLSv1"/> to <property name="enabledProtocols" value="TLSv1"/>
- Save the file.
- Restart the vmware-sps service.
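A check for the protocol-list edits described in the Single Sign On, Web Client, Inventory Service, Management Webservices and SPS sections, as an added example that is not part of the original article: it finds every sslEnabledProtocols attribute and enabledProtocols property in a file and reports any that still lists SSLv3, including the case where only one of two instances was edited. The sample documents, the second connector port and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

PROTOCOL_ATTR = "sslEnabledProtocols"      # attribute form, as on <Connector>
PROTOCOL_PROPERTY = "enabledProtocols"     # <property name="..." value="..."/> form


def _local(tag):
    """Strip an XML namespace prefix such as '{http://...}property'."""
    return tag.rsplit("}", 1)[-1]


def _split(value):
    """Split 'SSLv3, TLSv1 ' into ['SSLv3', 'TLSv1'], tolerating stray spaces."""
    return [p.strip() for p in value.split(",") if p.strip()]


def protocol_lists(xml_text):
    """Return [(where, [protocols])] for every protocol list in the document."""
    found = []
    for elem in ET.fromstring(xml_text).iter():
        tag = _local(elem.tag)
        if PROTOCOL_ATTR in elem.attrib:
            where = f"{tag} port={elem.get('port', '?')}"
            found.append((where, _split(elem.attrib[PROTOCOL_ATTR])))
        if tag == "property" and elem.get("name") == PROTOCOL_PROPERTY:
            found.append((f"property {PROTOCOL_PROPERTY}", _split(elem.get("value", ""))))
    return found


def audit(xml_text):
    """Return findings; an empty list means every protocol list excludes SSLv3."""
    lists = protocol_lists(xml_text)
    if not lists:
        return ["no protocol list found: the service default applies"]
    return [
        f"{where}: SSLv3 still enabled ({', '.join(protos)})"
        for where, protos in lists
        if any(p.lower() == "sslv3" for p in protos)
    ]


# Constructed server.xml: the first connector was edited, the second was missed.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="7444" protocol="HTTP/1.1" sslEnabledProtocols="TLSv1"/>
    <Connector port="7445" protocol="HTTP/1.1" sslEnabledProtocols="SSLv3, TLSv1"/>
  </Service>
</Server>
"""

# Constructed Spring-style file with a default namespace and a trailing space.
SAMPLE_SPRING_XML = """
<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="sslConfig">
    <property name="enabledProtocols" value="TLSv1 "/>
  </bean>
</beans>
"""

if __name__ == "__main__":
    for name, text in [("server.xml", SAMPLE_SERVER_XML), ("spring", SAMPLE_SPRING_XML)]:
        print(name, audit(text) or "OK")
```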
Auto Deploy - Port 6501/6502
Enabling SSLv3 Protocol
To enable the SSLv3 protocol on the Auto Deploy service for vCenter Server 5.1 Update 3d, follow these steps:
- Run the following command to connect to vCenter Server:
PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI> Connect-VIServer -Server <FQDN_hostname or IP Address of vCenter Server>
- Run the following command to check the current status of SSLv3:
PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI> Get-DeployOption
Key            Value
vlan-id        0
disable-sslv3  1
- Run the following command to enable SSLv3:
To enable: PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI> Set-DeployOption disable-sslv3 0
- Restart the Auto Deploy service to update the change.
Disabling SSLv3 Protocol
To disable the SSLv3 protocol on the Auto Deploy service for vCenter Server 5.1 Update 3d, follow these steps:
- Run the following command to connect to vCenter Server:
PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI> Connect-VIServer -Server <FQDN_hostname or IP Address of vCenter Server>
- Run the following command to check the current status of SSLv3:
PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI> Get-DeployOption
Key            Value
vlan-id        0
disable-sslv3  0
- Run the following command to disable SSLv3:
To disable: PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI> Set-DeployOption disable-sslv3 1
- Restart the Auto Deploy service to update the change.
Log Browser - Port 12443
Enabling SSLv3 Protocol
To enable the SSLv3 protocol on the Log Browser service for vCenter Server 5.1 Update 3d, follow these steps:
- Open the logbrowser.properties file:
- Windows default location: C:\Program Files\VMware\Infrastructure\vSphereWebClient\logbrowser\conf\logbrowser.properties
- vCenter Server Appliance default location: /usr/lib/vmware-logbrowser/conf/logbrowser.properties
- Create a backup copy of the file.
- Edit the file to add SSLv3 from the following line to enable SSLv3:
exclude-protocols=sslv3
- Save the file.
- Restart the Log Browser service.
Disabling SSLv3 Protocol
To disable the SSLv3 protocol on the Log Browser service for vCenter Server 5.1 Update 3d, follow these steps:
- Open the logbrowser.properties file:
- Windows default location: C:\Program Files\VMware\Infrastructure\vSphereWebClient\logbrowser\conf\logbrowser.properties
- vCenter Server Appliance default location: /usr/lib/vmware-logbrowser/conf/logbrowser.properties
- Create a backup copy of the file.
- Edit the file to remove SSLv3 from the following line to disable SSLv3:
exclude-protocols=sslv3
- Save the file.
- Restart the Log Browser service.
Update Manager - Port 9087/8084
Enabling SSLv3 Protocol
To enable the SSLv3 protocol on the Update Manager service for vCenter Server 5.1 Update 3d, follow these steps:
- Stop the vSphere Update Manager service.
- Go to Update Manager Install Directory.
- Edit the following to enable SSLv3:
- For port 9087, search and delete <Item>SSLv3</Item> from the jetty-vum-ssl.xml file:
<Arg>
<New class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Set name="ExcludeProtocols">
<Array type="java.lang.String">
<Item>SSLv3</Item>
</Array>
</Set>
</New>
</Arg>
- For port 8084, search for and delete <sslOptions>33554432</sslOptions> from the vci-integrity.xml file:
<ssl>
<cipherList>AES128-SHA, AES256-SHA</cipherList>
<handshakeTimeoutMs>120000</handshakeTimeoutMs>
<sslOptions>33554432</sslOptions>
</ssl>
<ssl>
<privateKey>ssl/rui.key</privateKey>
<certificate>ssl/rui.crt</certificate>
<sslOptions>33554432</sslOptions>
</ssl>
- Save and Restart the vSphere Update Manager service.
Disabling SSLv3 Protocol
To disable the SSLv3 protocol on the Update Manager service for vCenter Server 5.1 Update 3d, follow these steps:
- Stop the vSphere Update Manager service.
- Go to Update Manager Install Directory.
- Edit the following to disable SSLv3:
- For port 9087, add the following text after the <New class="org.eclipse.jetty.server.ssl.SslSocketConnector"> to the jetty-vum-ssl.xml file:
<Arg>
<New class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Set name="ExcludeProtocols">
<Array type="java.lang.String">
<Item>SSLv3</Item>
</Array>
</Set>
</New>
</Arg>
- For port 8084, add <sslOptions>33554432</sslOptions> to the vci-integrity.xml file:
<ssl>
<cipherList>AES128-SHA, AES256-SHA</cipherList>
<handshakeTimeoutMs>120000</handshakeTimeoutMs>
<sslOptions>33554432</sslOptions>
</ssl>
<ssl>
<privateKey>ssl/rui.key</privateKey>
<certificate>ssl/rui.crt</certificate>
<sslOptions>33554432</sslOptions>
</ssl>
- Save and Restart the vSphere Update Manager service.
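The two sslOptions values used on this page, 50479104 for vpxd and 33554432 for Update Manager, read as bitmasks. This added example (not VMware's code) decodes them and checks every <ssl> block in a file, on the assumption that the integer is an OpenSSL 1.0.x SSL_OP_* option mask; the function names and the sample file are constructed.

```python
import xml.etree.ElementTree as ET

# OpenSSL 1.0.x SSL_OP_* bits. Assumption of this example: the service hands
# the <sslOptions> integer to OpenSSL unchanged.
SSL_OP_BITS = {
    0x00004000: "SSL_OP_NO_TICKET",
    0x00020000: "SSL_OP_NO_COMPRESSION",
    0x01000000: "SSL_OP_NO_SSLv2",
    0x02000000: "SSL_OP_NO_SSLv3",
    0x04000000: "SSL_OP_NO_TLSv1",
    0x08000000: "SSL_OP_NO_TLSv1_2",
    0x10000000: "SSL_OP_NO_TLSv1_1",
}
NO_SSLV3 = 0x02000000


def decode_ssl_options(value):
    """Return (names of known bits set, leftover bits not in the table)."""
    names = [name for bit, name in sorted(SSL_OP_BITS.items()) if value & bit]
    leftover = value & ~sum(SSL_OP_BITS)
    return names, leftover


def audit_ssl_blocks(xml_text):
    """Return one status per <ssl> element, in document order:
    'sslv3 disabled', 'sslv3 allowed' or 'no sslOptions'."""
    statuses = []
    for block in ET.fromstring(xml_text).iter("ssl"):
        text = (block.findtext("sslOptions") or "").strip()
        if not text:
            statuses.append("no sslOptions")       # service default applies
        elif int(text) & NO_SSLV3:
            statuses.append("sslv3 disabled")
        else:
            statuses.append("sslv3 allowed")
    return statuses


# Constructed file with two <ssl> blocks; the second one was not edited.
SAMPLE_CONFIG = """
<config>
  <vmacore>
    <ssl>
      <handshakeTimeoutMs>120000</handshakeTimeoutMs>
      <sslOptions>33554432</sslOptions>
    </ssl>
  </vmacore>
  <ssl>
    <privateKey>ssl/rui.key</privateKey>
    <certificate>ssl/rui.crt</certificate>
  </ssl>
</config>
"""

if __name__ == "__main__":
    for value in (50479104, 33554432):
        names, leftover = decode_ssl_options(value)
        print(f"{value} = {hex(value)}: {' | '.join(names)} (unknown bits: {hex(leftover)})")
    print(audit_ssl_blocks(SAMPLE_CONFIG))
```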