How to Enable TLS1.0 on NSX Edge

In one of my previous articles I wrote about how the NSX upgrade to 6.2.4 impacts PowerCLI, as it disables TLS 1.0 ciphers on the Edge Load Balancer. The fix for PowerCLI was easy, but what if there are other applications still using TLS 1.0 that cannot be fixed or updated?

An example is vSphere Replication 6.1.1, which does not support TLS 1.2.

There is a workaround. It is possible to create an application rule that specifically enables TLS 1.0. The rule syntax is:

tlsv1 enable


Once the rule is created, it can be added in the Advanced Configuration of the virtual server.

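A check to run after attaching the rule, as an added example that is not from the original post: it probes each load balancer VIP with a handshake pinned to TLS 1.0 and reports any VIP that accepts it without being an approved exception, or an approved VIP that still refuses it. The VIP addresses, the exception list and the function names `accepts` and `audit` are assumptions made for illustration.

```python
import socket
import ssl
import warnings

def accepts(host, port, version, timeout=5.0):
    """True: handshake pinned to `version` completed. False: the endpoint
    refused it. None: TCP connect failed, so nothing was learned."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # protocol probe only: the certificate
    ctx.verify_mode = ssl.CERT_NONE     # is deliberately not validated here
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # OpenSSL 3 offers TLS 1.0 only at level 0
    with warnings.catch_warnings():     # Python flags old versions as deprecated
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = ctx.maximum_version = version
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return True
    except OSError:                     # ssl.SSLError, reset or timeout
        return False
    finally:
        raw.close()

def audit(vips, tls10_allowed, probe=accepts):
    """Compare what each VIP accepts with where the rule was meant to be."""
    findings = {}
    for host, port in vips:
        got = probe(host, port, ssl.TLSVersion.TLSv1)
        allowed = (host, port) in tls10_allowed
        if got is None:
            findings[(host, port)] = "unreachable"
        elif got and not allowed:
            findings[(host, port)] = "TLS 1.0 accepted, not an approved exception"
        elif allowed and not got:
            findings[(host, port)] = "TLS 1.0 refused, rule not attached"
        else:
            findings[(host, port)] = "ok"
    return findings

if __name__ == "__main__":
    # Constructed inventory (documentation addresses); replace with real VIPs.
    VIPS = [("192.0.2.10", 443), ("192.0.2.11", 443)]
    ALLOWED = {("192.0.2.10", 443)}     # VIP fronting the legacy client
    for vip, result in audit(VIPS, ALLOWED).items():
        print(vip, result)
```

Running it before and after the change shows whether the rule took effect on the intended virtual server only.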


One thought on “How to Enable TLS1.0 on NSX Edge”

  1. Thanks Tom for this setting. It worked great for me.
    I have another problem now. My SSL Labs score with the NSX load-balancer is “F”. I tried to add an application rule to tweak NSX’s HAProxy implementation but I never was able to validate a single rule. I tried to specify allowed cipher suites, inspired by the Mozilla generator “https://mozilla.github.io/server-side-tls/ssl-config-generator/” (settings on haproxy and medium). Can you help me with this more advanced configuration? Thx
