ESXi: esxi-8.tls-protocols

Information

The ESXi host must enable the highest version of TLS supported. ESXi 8 ships with TLS 1.2 enabled by default, but it is possible to re-enable other protocols if necessary.

Solution

Get-VMHost -Name $ESXi | Get-AdvancedSetting UserVars.ESXiVPsDisabledProtocols | Set-AdvancedSetting -Value "sslv3,tlsv1,tlsv1.1"
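
An audit-then-remediate version of the command above, as an added example (not part of the original audit item or VMware's guide). It assumes VMware PowerCLI is loaded and Connect-VIServer has already been run; the function names Get-MissingProtocol and Test-HostTlsProtocols are hypothetical helpers.

```powershell
# Added example: report drift on UserVars.ESXiVPsDisabledProtocols, fix only on request.
# Assumption: PowerCLI session already connected (Connect-VIServer).

$SettingName = 'UserVars.ESXiVPsDisabledProtocols'
$Required    = 'sslv3', 'tlsv1', 'tlsv1.1'   # value taken from the Solution above

function Get-MissingProtocol {
    # Returns the required protocols absent from a comma-separated setting value.
    # Comparison ignores case, surrounding whitespace and ordering.
    param([string]$CurrentValue, [string[]]$RequiredProtocols)
    $current = @($CurrentValue -split ',' |
        ForEach-Object { $_.Trim().ToLower() } |
        Where-Object { $_ })
    @($RequiredProtocols | Where-Object { $current -notcontains $_.ToLower() })
}

function Test-HostTlsProtocols {
    # Emits one result object per host; -Remediate writes the required value on drift.
    param([Parameter(Mandatory)]$VMHost, [switch]$Remediate)
    foreach ($h in $VMHost) {
        $setting = Get-AdvancedSetting -Entity $h -Name $SettingName
        if (-not $setting) {
            # Setting not returned: report it rather than guessing at host state
            [pscustomobject]@{ VMHost = $h.Name; Current = $null; Missing = 'setting not found'
                               Compliant = $false; Remediated = $false }
            continue
        }
        $missing = @(Get-MissingProtocol -CurrentValue $setting.Value -RequiredProtocols $Required)
        $fixed = $false
        if ($missing.Count -gt 0 -and $Remediate) {
            Set-AdvancedSetting -AdvancedSetting $setting -Value ($Required -join ',') -Confirm:$false | Out-Null
            $fixed = $true
        }
        [pscustomobject]@{
            VMHost     = $h.Name
            Current    = $setting.Value          # value read before any change
            Missing    = $missing -join ','      # legacy protocols not yet disabled
            Compliant  = ($missing.Count -eq 0)
            Remediated = $fixed
        }
    }
}

# Audit only:          Test-HostTlsProtocols -VMHost (Get-VMHost)
# Audit and remediate: Test-HostTlsProtocols -VMHost (Get-VMHost) -Remediate

# Constructed sample value (no vCenter needed) exercising the comparison logic:
Get-MissingProtocol -CurrentValue 'SSLv3, tlsv1' -RequiredProtocols $Required
```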

See Also

https://github.com/vmware/vcf-security-and-compliance-guidelines/raw/refs/heads/main/security-configuration-hardening-guide/vsphere/8.0/

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8(2), CCI|CCI-002420, CCI|CCI-002422

Plugin: VMware

Control ID: 737d66f9362e809500e46049e80758548b5fd2596882a4dba717280951d6e8ab