Mandatory cipher suites in NSX 4.2.3.1 for TLS 1.3 compliance.

Article ID: 437968

Updated On:

Products

VMware NSX

Issue/Introduction

  • After an upgrade to NSX version 4.2.3.1, specific cipher suites are enabled automatically.
  • Attempts to manually disable the TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384 ciphers are unsuccessful.
  • A GET API call to the NSX Manager cluster API service confirms the active cipher suites and protocols.

Environment

VMware NSX

Cause

  • The ciphers are treated as mandatory because TLS 1.3 is enabled within the NSX environment.
  • TLS 1.3 inherently depends on these specific ciphers in order to function.
  • The active configuration response for the cluster api-service confirms that these suites are required for supported TLS 1.3 communication.

Resolution

  • If these specific ciphers must be removed from the environment, the TLS 1.3 protocol must be disabled.
  • Retaining the TLS_AES_128_GCM_SHA256 cipher is recommended, as it is specific to TLS 1.3 and presents no known security vulnerabilities.
  • The API service configuration is modified via the documented NSX Manager cluster API procedures.
    See: To disable or enable NSX Manager ciphers and TLS settings.
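
The dependency described under Cause and Resolution can be checked before a change is submitted. The following is an added example, not code from the article or from VMware: it reads a saved api-service response and rejects a cipher removal that cannot take effect while TLS 1.3 is enabled. The field names (`protocol_versions`, `cipher_suites`, `name`, `enabled`), the `TLSv1.3` label and the sample response are assumptions constructed for illustration.

```python
import copy
import json

# Per the article: these stay enabled for as long as TLS 1.3 is enabled.
TLS13_MANDATORY = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"}

# Constructed sample response; the field names are an assumption.
SAMPLE = json.loads("""{
  "protocol_versions": [{"name": "TLSv1.2", "enabled": true},
                        {"name": "TLSv1.3", "enabled": true}],
  "cipher_suites": [{"name": "TLS_AES_128_GCM_SHA256", "enabled": true},
                    {"name": "TLS_AES_256_GCM_SHA384", "enabled": true},
                    {"name": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "enabled": true}]
}""")

def enabled(entries):
    """Names of entries whose 'enabled' flag is true."""
    return {e["name"] for e in entries if e.get("enabled")}

def blocked_removals(config, to_disable):
    """Requested removals that cannot take effect while TLS 1.3 is on."""
    if "TLSv1.3" not in enabled(config["protocol_versions"]):
        return set()
    return set(to_disable) & TLS13_MANDATORY & enabled(config["cipher_suites"])

def plan_change(config, to_disable, disable_tls13=False):
    """Return an edited copy of config, or raise if the request cannot work."""
    new = copy.deepcopy(config)
    if disable_tls13:
        for p in new["protocol_versions"]:
            if p["name"] == "TLSv1.3":
                p["enabled"] = False
        if not enabled(new["protocol_versions"]):
            raise ValueError("no TLS protocol version would remain enabled")
    blocked = blocked_removals(new, to_disable)
    if blocked:
        raise ValueError("requires disabling TLSv1.3 first: " + ", ".join(sorted(blocked)))
    for c in new["cipher_suites"]:
        if c["name"] in to_disable:
            c["enabled"] = False
    return new

if __name__ == "__main__":
    print(sorted(blocked_removals(SAMPLE, {"TLS_AES_128_GCM_SHA256"})))
    print(json.dumps(plan_change(SAMPLE, TLS13_MANDATORY, disable_tls13=True), indent=2))
```
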