How to remediate incompatible load balancer objects (OpenSSL 3.0) found during NSX-v to NSX (NSX-T) migration
search cancel

How to remediate incompatible load balancer objects (OpenSSL 3.0) found during NSX-v to NSX (NSX-T) migration

book

Article ID: 368006

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

You see the an issue similar to one of the following reported when beginning an NSX-v to NSX (NSX-T) migration:

  • SSL profile includes not supported property
  • Virtual server properties not supported

If you click the highlighted profile feedback, you can get detailed information regarding the failure reason. In either circumstance, you see that OpenSSL 3 is noted.

Environment

NSX 4.2

Cause

NSX 4.2 upgrades to OpenSSL3.0 for security considerations. OpenSSL3.0 (by default security level 1 and FIPS on) has stricter requirements for the cipher suite/SSL protocol/certificate used in SSL connections. 

OpenSSL3.0 validates:

  1. Certificate:
    1. 1024 key size cert is no longer supported.
    2. SHA1, MD5 cert are not allowed.
  2. Cipher suite:
    1. 3DES cipher suites are not supported.
    2. ECDH- cipher suites are not supported.
  3. SSL protocol:
    1. SSLv3 TLS1.1 TLS1.0 protocols are not supported

Resolution

In case of  an NSX-v to NSX (NSX-T) migration error, the attached document provides detailed instructions needed to update your NSX configuration and pass the migration checks.

Attachments

NSX OpenSSL Upgrade – V2T LB impact.pdf get_app
Powered by Wolken Software