Status of TLSv1.1/1.2 Enablement and TLSv1.0 Disablement across VMware products
Article ID: 319422
Updated On:
Products
VMware
VMware Aria Suite
VMware Live Recovery
VMware vCenter Server
VMware vSphere ESXi
Issue/Introduction
Due to security concerns in the TLSv1.0 protocol, both Payment Card Industry (PCI) and BSI organizations have suggested to implement and enable TLSv1.1 or TLSv1.2, and move away from the use of TLSv1.0 as soon as possible. In this article we are providing the current status of that implementation across applicable VMware products.
Disclaimer:
- Some products or older release versions of some products may not be listed here because either there are no plans for implementing the newer TLS protocols or where TLS changes are not applicable. These products may have reached or are approaching their End of Availability (EOA) or End of Service (EOS).
- If you do not observe your product in the tables below or want to get notified in future when the implementation becomes available, please Subscribe to Document to be alerted when more information becomes available.
Environment
VMware vCenter Server 6.0.x
VMware vRealize Automation 7.0.x
VMware vSphere Replication 6.0.x
VMware vRealize Automation 7.0.x
VMware vSphere Replication 6.0.x
Resolution
From implementation perspective, TLSv1.1/1.2 enablement is always done as default whereas TLSv1.0 disablement might have been either Default (disabled by default) or through an Option (can be disabled through an option). Review the Implementation Type for TLSv1.0 Disablement to know how it has been implemented.
By design, VMware attempts to have all services communicate on the highest protocol available within and between products.
Note: For backwards compatibility and interoperability considerations, in some products, although TLSv1.0 disablement is implemented as default, there may be an option to revert that change. Check the documentation provided to know the details as applicable.
The products and their status are listed in 3 tables below.
- Product where both implementations, TLSv1.1/1.2 Enablement and TLSv1.0 Disablement, are completed.
- Products where only TLSv1.1/1.2 Enablement has been completed but TLSv1.0 Disablement is pending
- Products where both implementations, TLSv1.1/1.2 Enablement and TLSv1.0 Disablement, are pending.
Notes:
- The TLSv.1.0 Disablement Version is the first release with TLSv1.0 disabled, all subsequent releases will have this disabled by default.
- The TLSv1.1/1.2 Enablement Version is the first release with TLSv1.1/1.2 enabled always by default, all subsequent releases will have this disabled by default.
1. Product where both TLSv1.1/1.2 Enablement and TLSv1.0 Disablement are Completed
|
Product
|
TLSv1.1/1.2 Enablement (always default)
Version |
TLSv1.0 Disablement
|
|
|
Version
|
Implementation
Type |
||
| VMware Platform Services Controller (External) 6.x VMware Platform Services Controller Appliance (External) 6.x |
6.7 | 6.7 | Default |
|
6.5
|
6.5
|
Option
|
|
|
6.0 Update 3
|
6.0 Update 3
|
Option
|
|
|
VMware Identity Manager 2.x
|
2.6
|
2.6
|
Default
|
|
VMware vCloud Director for Service Providers 8.x
|
8.10
|
8.10
|
Option
|
|
VMware vCloud Availability for vCloud Director 1.x
|
1.0.1
|
1.0.1
|
Option
|
|
VMware vCloud Usage Meter 3.5
|
3.5
|
3.5
|
Default
|
| VMware vCloud Usage Meter 3.6 | 3.6 | 3.6 | Default |
|
VMware vCloud Air Hybrid Cloud Manager 2.x
|
2.0
|
2.0
|
Option
|
|
VMware vRealize Business Advanced and Enterprise 8.x
|
8.2.4
|
8.2.4
|
Default
|
|
VMware vRealize Business Standard for Cloud 7.x
|
7.1.0
|
7.1.0
|
Default
|
|
VMware vRealize Configuration Manager 5.x
|
5.8.2
|
5.8.3
|
Default
|
|
VMware NSX for vSphere 6.x
Includes: Manager, Controller, Endpoint, Edge. |
6.2.4
|
6.2.4
|
Option
|
|
VMware vCenter Server 6.x
VMware vCenter Server Appliance 6.x |
6.7
|
6.7
|
Default |
| 6.5 | 6.5 | Option | |
|
6.0 Update 3
|
6.0 Update 3
|
Option
|
|
|
vCenter Server Heartbeat 6.6.x
|
6.6 Update 2
|
6.6 Update 2
|
Option
|
|
VMware vRealize Automation 7.x
|
7.0.1
|
7.1.0
|
Option
|
|
VMware vRealize Orchestrator 7.x
|
7.0.0
|
7.0.1
|
Default
|
|
VMware vSphere Update Manager 6.x
|
6.5
|
6.5
|
Option
|
|
6.0 Update 3
|
6.0 Update 3
|
Option
|
|
|
VMware vRealize Infrastructure Navigator 5.8.x
|
5.8.5
|
5.8.5
|
Option
|
|
VMware vCenter Support Assistant 6.x
|
6.0.2
|
6.0.2
|
Default
|
|
VMware vRealize Operations 6.2.x
|
6.2.0
|
6.2.x
|
Option
|
|
VMware vRealize Operations Management pack for MEDITECH 1.0
|
6.2.0
|
6.2.x
|
Option
|
|
VMware vRealize Operations Management pack for Epic 1.0
|
6.2.0
|
6.2.x
|
Option
|
|
VMware vRealize Operations Management pack for Published Applications 6.x
|
6.1.1
|
6.1.1
|
Default
|
|
VMware vRealize Hyperic 5.x
|
5.8.6
|
5.8.6
|
Default
|
|
VMware vRealize Log Insight 4.x
|
4.0
|
4.0
|
Option
|
|
VMware vRealize Log Insight 3.x
|
3.0
|
3.0
|
Option
|
|
VMware Site Recovery Manager 6.x |
6.5
|
6.5
|
Default
|
|
6.1
|
6.1.1
|
Option
|
|
|
VMware vSphere Replication 6.x |
6.5
|
6.5
|
Default
|
|
6.1.1 |
6.1.1 |
Option |
|
|
VMware ESXi 6.x
|
6.7
|
6.7
|
Option
|
| 6.5 | 6.5 | Option | |
|
6.0 Update 3
|
6.0 Update 3
|
Option
|
|
|
VMware Tools 10.x
|
10.0.0
|
10.1.0
|
Default
|
|
VMware vSAN 6.x |
6.7
|
6.7
|
Option
|
| 6.6 | 6.6 | Option | |
| 6.5 | 6.5 | Option | |
|
6.2
|
6.2
|
Option
|
|
|
VMware AppVolumes 2.x
|
2.11.0
|
2.11.0
|
Default
|
|
VMware AppVolumes 3.x
|
3.0
|
3.0
|
Default
|
|
VMware vRealize Code Stream 2.x
|
2.1.0
|
2.1.0
|
Option
|
|
VMware Remote Console 8.x
|
8.0
|
8.0
|
Default
|
|
VMware vFabric tc Server 2.9.x
|
2.9.13
|
2.9.13
|
Option
|
|
VMware Horizon for Linux 6.2.x
|
6.2.1
|
6.2.1
|
Default
|
|
VMware Horizon Client 4.x
|
4.0.1
|
4.0.1
|
Option
|
|
VMware Horizon View 7.x
|
7.0
|
7.0
|
Default
|
|
VMware Horizon View 6.x
|
6.2.1
|
6.2.1
|
Default
|
|
VMware Horizon Air 16.x
|
16.6.0
|
16.6.0
|
Option
|
|
Horizon Daas 7.0
|
7.0.0
|
7.0.0
|
Default
|
|
VMware Mirage
|
5.7
|
5.7
|
Option
|
|
VMware Horizon Air Hybrid-mode 1.x
|
1.0
|
1.0
|
Default
|
|
VMware Software Manager - Download Server
|
1.3
|
1.3
|
Default
|
|
VMware Photon OS
|
1.0
|
1.0
|
Option
|
|
VMware Continuent 5.x
Includes: Analytics and Big Data, Cluster, Disaster Recovery, Replication |
5.0
|
5.0
|
Default
|
|
VMware vSphere Big Data Extension 2.3.x
|
2.3.2
|
2.3.2
|
Option
|
|
NSX-T
|
1.1
|
1.1
|
Default
|
|
vCenter Chargeback Manager
|
2.7.2
|
2.7.1
|
Default
|
|
VMware Network Insight 3.x
|
3.3
|
3.3
|
Default
|
2. TLSv1.1/1.2 Enablement Completed and TLSv1.0 Disablement Pending
As the products are released with both implementations done, they will be moved from this section to the top table; however, products and their availability are subject to change, and may remain in this table.
</u>
| Product | TLSv1.1/1.2 Enablement (always default) Version |
TLSv1.0 Disablement Planned Version |
| VMware vCenter Converter Standalone 6.x | 6.1.1 | (Pending) |
| VMware Fusion 8.x | 8.0.0 | (Pending) |
| VMware Workstation Pro/Player 12.x | 12.0.0 | (Pending) |
| VMware vSphere Data Protection 6.1.x | 6.14 | (Pending) |
3. TLSv1.1/1.2 Enablement Pending and TLSv1.0 Disablement Pending
As the products are released with both implementations done, they will be moved from this section to the top table; however, products and their availability are subject to change, and may remain in this table.
| Product | TLSv1.1/1.2 Enablement (always default) Planned Version |
TLSv1.0 Disablement Planned Version |
Documentation |
| VMware Photon Controller 1.x | (Pending) | (Pending) |
(Pending) |
| Bitfusion 3.0 | 3.5 | 3.5 | (Pending) |
Additional Information
Configure PCoIP security protocols and cipher suites for Horizon 7 components
Enabling the TLSv1.1 and TLSv1.2 protocols for PowerCLI
How to disable TLS 1.0 and 1.1 in vRealize Operations Manager 6.x
Log Insight 2.5 and 3.0 cannot establish connection to remote TLSv1.1 or TLSv1.2 servers
How to disable Transport Layer Security (TLS) 1.0 on NSX
How to disable TLS v1.0 in vRealize Log Insight
Managing TLS protocol configuration for vSphere 6.5
Feedback
Yes
No
Powered by
