2

I tried to disable SSLv3 and enable TLSv1.2 on my ESXi server by changing the following options in /etc/vmware/rhttpproxy/config.xml, adding TLSv1.2, and restarted the hostd and rhttpproxy services.

But it makes the vSphere Client disconnect, and it does not connect after changing the configuration to TLSv1.2.

Please help me with the steps to disable SSLv3 and enable only TLS on ESXi 5.5.

shashi

2 Answers

3

Just update your vCenter to the latest (5.5u3 as of today).

There's nothing to do on the ESXi/host side as the exploit can't really do anything, but feel free to upgrade them to the latest too if you wish.

Chopper3
  • As per the VMware community portal, they suggested that they are not going to remove SSLv3 support from ESXi 6. I am not a vCenter user. I am using a standalone ESXi 5.5 with vSphere Client 5.5. Is ESXi 5.5 accessible through vSphere Client 6? If yes, we can change the cipher in ESXi to TLSv1.2 and remediate POODLE. – shashi Sep 24 '15 at 11:22
  • And is there any method to disable SSLv3 support on ESXi 5.5 for port number 443 in order to remediate the POODLE vulnerability? It is not affecting from the server side. But the Qualys scan reports that the server is vulnerable to POODLE from the ESXi end. – shashi Sep 24 '15 at 11:42
  • 3
    I really hope you don't have public facing VMware consoles. – Jacob Evans Sep 27 '15 at 04:56
  • 1
    We upgraded ESXi 5.5 to ESXi 6 and it started working fine with SSLv3 and SSLv2 support disabled. The upgrade is straightforward with the esxcli command line. – shashi Oct 09 '15 at 04:53
0

The TLS issue on the ESXi host has been resolved in ESXi 6 and later versions. The version upgrade fixed the issue related to ESXi TLS. But we need a different licence for ESXi 6 than for ESXi 5.

shashi