Skip to main content
Intronis Partner Toolkit

Enabling TLS 1.0 in vSphere 6.5

In order for the Backup Agent to back up virtual machines hosted in a vSphere 6.5 environment, TLS 1.0 must be enabled on all ESXi hosts.  This is not limited to only those host servers involved in backups (hosting either source or recovery virtual machines) but all hosts in a cluster.  These directions do not apply to versions of vSphere preceding 6.5.

 

Directions


Generic

The change you will need to make involves two steps, however there are many ways to accomplish them.  The generic case will outline those steps while the following section will provide a specific method for carrying out those steps.  To enable TLS 1.0 on an ESXi host, do the following:

  1. Add the following line to the file "/etc/vmware/config"

    tls.protocols=tls1.0,tls1.1,tls1.2

  2. Restart the rhttpproxy service on the ESXi host

 

Example

Disclamer:  Intronis will not assume liability for any changes you make to your VMware environment.  If you are unsure of how to implement the changes offered above, we recommend you contact VMware support for advice and guidance in that matter.

To carry out the goals above, this example will use PuTTY to access the ESXi host's files and services.

Allow SSH on ESXi Server
  1. In order to use PuTTY with our ESXi server, we will need to allow SSH connections through the server's firewall as well as start the SSH service.  From the Home > Inventory > Hosts and Clusters view, go to the Configuration tab for the host you want to edit.

  2. On the page labeled Security Profile, go to the Properties... link in the Services section and start the service called SSH.

  3. Going back to the Security Profile page, click on the Properties... link in the Firewall section and check the box for SSH Server.

Alter Config File and Restart RHTTPProxy
  1. Next, open up PuTTY, connect to the ESXi host, and log in.

  2. Edit the "/etc/vmware/config" file using the built-in text editor, vi, with the command:

    vi /etc/vmware/config

  3. When the file is opened, hit the "Enter" key until you get to the last line.  Then, hit the "O" key to begin editing the line below it – on that line, enter the following:

    tls.protocols=tls1.0,tls1.1,tls1.2


    Hit the "Esc" key to exit editing then type :wp and hit the "Enter" key to save the file and exit.
     

  4. Finally, to restart the rhttpproxy service, use the command:

    /etc/init.d/rhttpproxy restart

  5. After completing these steps, it is advised you go back and stop the SSH service on the ESXi host.

  • Was this article helpful?