Impact on NSX 4.2 when disabling vCenter Server weak ciphers (TLS v1.0 and 1.1)
search cancel

Impact on NSX 4.2 when disabling vCenter Server weak ciphers (TLS v1.0 and 1.1)

book

Article ID: 416849

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

This KB article aims to guide the potential impact on NSX 4.2 when disabling vCenter Server weak ciphers TLS v1.0 and 1.1. 

Starting with NSX 4.2, all NSX components communicate using OpenSSL 3.0. 

Certificates that are not supported:
• Certificates with a key size of 1024
• SHA1, MD5


Cipher suites that are not supported:
• 3DES
• ECDH


Protocols that are not supported:
• SSL 3.0
• TLS 1.0
• TLS 1.1

Environment

VMware NSX 4.2.x

Cause

 TLS 1.0 and TLS 1.1 are not supported protocols on NSX 4.2

Resolution

Disabling vCenter Server's weak ciphers, TLS v1.0 and 1.1, will have no impact on NSX 4.2. 

Additional Information

NSX 4.2 Encryption Compatibility: Unsupported Certificates, Cipher Suites, and Protocols

NSX 4.2 Cryptographic Support (page 1483)

Powered by Wolken Software