Differences

This shows you the differences between two versions of the page.

vmware:tip:cipher [2023/10/25 12:08] jsvmware:tip:cipher [2023/10/25 12:23] (current) js
Line 1: Line 1:
 ====== Change Cipher on ESXi ====== ====== Change Cipher on ESXi ======
  
-KB Article: [[https://kb.vmware.com/s/article/79476]] 
  
 ==== For port 443 (HTTPS) on ESXi ==== ==== For port 443 (HTTPS) on ESXi ====
  
-  Connect to the ESXi host through SSH. +  Connect to the ESXi host through SSH. 
-  Take a backup of /etc/vmware/rhttpproxy/config.xml file. +  Take a backup of /etc/vmware/rhttpproxy/config.xml file. 
-  Open the /etc/vmware/rhttpproxy/config.xml file in a text editor. +  Open the /etc/vmware/rhttpproxy/config.xml file in a text editor. 
-  Find a line containing <cipherList>. If it doesn't exit, the user can create it within the XML structure: +  Find a line containing <cipherList>. If it doesn't exit, the user can create it within the XML structure:<code> 
-   <code> +<config> 
-    <config> +  <vmacore> 
-    <vmacore> +     <ssl> 
-    <ssl> +       <cipherList>...</cipherList> 
-    <cipherList>...</cipherList> +     </ssl> 
-    </ssl> +  </vmacore> 
-    </vmacore> +</config> 
-    </config> +</code>
-    </code> +
-     +
-    Replace with this line:+
  
-    <code><cipherList>!aNULL:ECDHE+AESGCM:ECDHE+AES</cipherList></code> +  - Replace with this line:<code><cipherList>!aNULL:ECDHE+AESGCM:ECDHE+AES</cipherList></code>
-      +
-    For changes to take effect, restart the rhttpproxy service using this command:+
  
-    <code bash>/etc/init.d/rhttpproxy restart</code>+  - For changes to take effect, restart the rhttpproxy service using this command:<code bash>/etc/init.d/rhttpproxy restart</code>
  
  
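Review bot: the typo on the cipherList step survives the rewrite: "If it doesn't exit, the user can create it" should read "If it doesn't exist, the user can create it", since the sentence is about the element being absent. On the same step, the XML snippet still shows the placeholder `<cipherList>...</cipherList>` while the real value `!aNULL:ECDHE+AESGCM:ECDHE+AES` only appears one step later; putting the real value inside the XML block would stop a reader from pasting the literal `...` into /etc/vmware/rhttpproxy/config.xml.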
Line 31: Line 25:
 Maybe if needed delete the  Maybe if needed delete the 
 <code>:ECDHE+AES</code> <code>:ECDHE+AES</code>
-cipherList section too.+in the cipherList section too. 
 + 
 +==== For port 5989 (CIM) on ESXi ==== 
 + 
 +  - Connect to the ESXi host through SSH 
 +  - Navigate to /etc/sfcb folder 
 +  - Take a backup of the sfcb.cfg file 
 +  - Open the sfcb.cfg file in a text editor. 
 +  - Add the below line:<code>sslCipherList: ECDHE+AESGCM:ECDHE+AES</code> 
 +  - Restart the CIM service by running this command:<code bash>/etc/init.d/sfcbd-watchdog restart</code> 
 + 
 + 
 +==== Websites & Informations ==== 
 +  * [[https://williamlam.com/2023/07/configuring-tls-cipher-suites-in-esxi-8-0-update-1.html]] 
 +  * [[https://kb.vmware.com/s/article/79476]] 
 +  * [[https://core.vmware.com/vmware-vsphere-8-default-ssltls-cipher-suites]]
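Review bot: the wording "Maybe if needed delete the :ECDHE+AES in the cipherList section too" still leaves the condition unstated; say when this is needed, i.e. when only the AES-GCM suites (ECDHE+AESGCM) should remain, and whether the same removal applies to the new sslCipherList line for port 5989, which contains the same ":ECDHE+AES" suffix. The CIM line `sslCipherList: ECDHE+AESGCM:ECDHE+AES` also differs from the port 443 list by omitting the leading `!aNULL:`; if that is deliberate, a short note would help, otherwise keep the two lists consistent. Minor: the new heading "Websites & Informations" should read "Websites & Information".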