Information
The ESXi host must maintain confidentiality and integrity of transmissions by enabling modern TLS ciphers. In ESXi 8.0.3 and newer, TLS profiles are available to configure client and server TLS settings to use only strong ciphers. You can view the entire cipher list and suites using:
# $ESXi is the target host (a VMHost object or host name)
$ESXcli = Get-EsxCli -VMHost $ESXi -V2
$arguments = $ESXcli.system.tls.server.get.CreateArgs()
$arguments.showprofiledefaults = $true
$arguments.showcurrentbootprofile = $true
$ESXcli.system.tls.server.get.invoke($arguments)
The host will require a reboot after setting this parameter (and will display in the vSphere Client with the suffix of "(Reboot Required)").
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
# Set the server TLS profile on the host in $ESXi to NIST_2024
$ESXcli = Get-EsxCli -VMHost $ESXi -V2
$arguments = $ESXcli.system.tls.server.set.CreateArgs()
$arguments.profile = "NIST_2024"
$ESXcli.system.tls.server.set.invoke($arguments)
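The following is an added example, not part of the original benchmark text or VMware's own code: it runs the audit call above against every host in the connected vCenter and, with -Remediate, applies the Solution to hosts that are not on the expected profile. Assumptions: an existing Connect-VIServer session, the hypothetical function name Test-EsxiTlsProfile, and that the object returned by system.tls.server.get exposes the profile name in a property called Profile.

```powershell
# Added example: audit (and optionally remediate) the server TLS profile per host.
# Test-EsxiTlsProfile is a hypothetical name; requires a Connect-VIServer session.
function Test-EsxiTlsProfile {
    [CmdletBinding()]
    param(
        [string]$ExpectedProfile = 'NIST_2024',
        [switch]$Remediate
    )
    foreach ($ESXi in Get-VMHost | Sort-Object Name) {
        $row = [ordered]@{ Host = $ESXi.Name; Version = $ESXi.Version; Profile = $null; Status = $null }
        if ($ESXi.ConnectionState -notin 'Connected', 'Maintenance') {
            $row.Status = 'Skipped: host not reachable'
        }
        elseif ([version]$ESXi.Version -lt [version]'8.0.3') {
            # TLS profiles exist only in ESXi 8.0.3 and newer
            $row.Status = 'Skipped: TLS profiles need ESXi 8.0.3 or newer'
        }
        else {
            try {
                $ESXcli = Get-EsxCli -VMHost $ESXi -V2 -ErrorAction Stop
                $arguments = $ESXcli.system.tls.server.get.CreateArgs()
                $arguments.showprofiledefaults = $true
                $arguments.showcurrentbootprofile = $true
                $current = $ESXcli.system.tls.server.get.invoke($arguments)
                # Assumption: the profile name is returned in a property named 'Profile'
                $row.Profile = $current.Profile
                if ($row.Profile -eq $ExpectedProfile) {
                    $row.Status = 'Compliant'
                }
                elseif ($row.Profile -like "$ExpectedProfile*(Reboot Required)*") {
                    # Assumption: the value may carry the "(Reboot Required)" suffix
                    $row.Status = 'Profile set: reboot pending'
                }
                elseif ($Remediate) {
                    $set = $ESXcli.system.tls.server.set.CreateArgs()
                    $set.profile = $ExpectedProfile
                    $null = $ESXcli.system.tls.server.set.invoke($set)
                    $row.Status = 'Remediated: reboot required'
                }
                else { $row.Status = 'Non-compliant' }
            }
            catch { $row.Status = "Error: $($_.Exception.Message)" }
        }
        [pscustomobject]$row
    }
}

Test-EsxiTlsProfile | Format-Table -AutoSize   # audit only; add -Remediate to apply
```

Hosts reported as "Remediated: reboot required" keep their previous TLS settings until they are rebooted, so schedule the reboot and re-run the audit afterwards.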