VMware Cloud Director requires the client connections to be secure. SSL version 3 and TLS version 1.0 and 1.1 have been found to have serious security vulnerabilities and are no longer included in the default set of protocols that the server offers to use when making a client connection. System administrators can enable more protocols and cipher suites. See the Cell Management Tool section in the VMware Cloud Director Installation, Configuration, and Upgrade Guide. The following security protocols are supported:
To activate the deactivated versions, see KB 88929.
Supported cipher suites activated by default:
important :
If you want to use TLS version 1.3, TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, or both must be activated.
support cipher suite deactivate by default :
-
TLS_AES_128_GCM_SHA256
-
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
-
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
-
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
-
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-
TLS_RSA_WITH_AES_256_GCM_SHA384
-
TLS_RSA_WITH_AES_128_GCM_SHA256
-
tls_rsa_with_aes_256_cbc_sha256
-
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
-
TLS_RSA_WITH_AES_256_CBC_SHA
-
TLS_RSA_WITH_AES_128_CBC_SHA256
-
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
-
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
-
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
-
TLS_RSA_WITH_AES_128_CBC_SHA
System administrators can use the cell management tool to explicitly enable the supported cipher suites that are deactivated by default.
© Copyright notes
The copyright of the article belongs to the author, please do not reprint without permission.
Related posts
No comments...
