How to disable the SSLv3 protocol on VMware ESXi 6.0

How to disable SSL version 3 (SSLv3) on a VMware ESXi 6.0 host?
kwongluk_pang Asked:
 
gheist Commented:
You need to insist that VMware fixes the security hole.
By disabling ciphers you will keep SSLv3 and just leave no working encryption.
 
arnold Commented:
Disable the option within OpenSSL.conf
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
I believe VMware is planning to phase out SSL v3 from its products.

The POODLE attack is against the client, not the server.

This should be disabled in your browser.

This is probably one for VMware Support, because vSphere 6.0 was GA at the time of POODLE.

See also here:

VMware KB: VMware Products and CVE-2014-3566 (POODLE)
 
gheist Commented:
vSphere 6 was GA 4 months after POODLE...
 
kwongluk_pang (Author) Commented:
If I want to disable it in ESXi 6.0 instead of the browser, can this be done? I don't find an SSLv3 setting in the openssl.conf file.
 
arnold Commented:
Within OpenSSL.conf there is a line that defines which crypt/protocols are available.

http://www.openssl.org/docs/apps/ciphers.html
You would need to replace ALL with the TLS........... Only excluding others.  Make sure to test that .....
 
gheist Commented:
In the meantime VMware says that ESXi interfaces are not accessed by a browser, so they will disable SSLv3 with the next major update, i.e. 6u1, 5.5u3, etc.
Question has a verified solution.
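
Added example (not part of the thread and not VMware's code): the comments above distinguish between restricting ciphers and disabling the SSLv3 protocol itself. These are separate fields in the server's handshake reply, so one way to confirm what a host actually negotiated after a configuration change is to read both from a captured ServerHello. The record bytes are constructed samples, and `parse_server_hello` and `build_sample` are hypothetical helper names.

```python
import struct

# Wire values of the version field. A TLS 1.3 ServerHello also carries
# 0x0303 here; its real version lives in an extension this parser ignores.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0",
            0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def parse_server_hello(record: bytes) -> dict:
    """Return negotiated version and cipher suite from one ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    rec_type, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if rec_type != 0x16:  # 0x15 would be an alert, e.g. a refused handshake
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4:
        raise ValueError("truncated record body")
    if body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # server_version(2) + random(32) + session_id_len(1) = 35 bytes minimum
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[:2])[0]
    off = 35 + hello[34]  # skip the variable-length session id
    if len(hello) < off + 3:  # cipher_suite(2) + compression_method(1)
        raise ValueError("truncated ServerHello")
    cipher = struct.unpack("!H", hello[off:off + 2])[0]
    return {"version": VERSIONS.get(version, hex(version)),
            "cipher_suite": cipher,
            "sslv3": version == 0x0300}

def build_sample(version: int, cipher: int) -> bytes:
    """Constructed ServerHello: zeroed random, empty session id, no extensions."""
    hello = (struct.pack("!H", version) + bytes(32) + b"\x00"
             + struct.pack("!H", cipher) + b"\x00")
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, version, len(hs)) + hs

if __name__ == "__main__":
    # 0x002F is TLS_RSA_WITH_AES_128_CBC_SHA. The same suite appears under
    # both versions, so the cipher list alone does not tell you the protocol.
    for ver in (0x0300, 0x0303):
        print(parse_server_hello(build_sample(ver, 0x002F)))
```
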