vmware:tip:cipher [2023/10/25 12:23] (current) js (previous revision 2023/10/25 12:10, js)
====== Change Cipher on ESXi ======

==== For port 443 (HTTPS) on ESXi ====

  - Take a backup of the /etc/vmware/rhttpproxy/config.xml file.
  - Open the /etc/vmware/rhttpproxy/config.xml file in a text editor.
  - Find the line containing <cipherList>. If it doesn't exist, create it within the XML structure:<code>
<config>
  <vmacore>
     <ssl>
       <cipherList>...</cipherList>
     </ssl>
  </vmacore>
</config>
</code>
  - Replace it with this line:<code><cipherList>!aNULL:ECDHE+AESGCM:ECDHE+AES</cipherList></code>
  - For the change to take effect, restart the rhttpproxy service with this command:<code bash>/etc/init.d/rhttpproxy restart</code>
  
  
If only AEAD suites should be offered, also drop
<code>:ECDHE+AES</code>
from the cipherList: ECDHE+AES matches every ECDHE suite that uses AES, including the CBC-mode ones, so once it is removed only the ECDHE+AESGCM suites remain (and !aNULL keeps the anonymous suites out in either case).
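The following Python script is an added example, not part of this wiki page or of any VMware tooling. It expands the page's cipher string and the shortened one with the local OpenSSL (through Python's ssl module) so you can see exactly which suites ":ECDHE+AES" adds, and it can probe an ESXi host to confirm which of those suites port 443 or 5989 actually accepts after the restart. Function names, the constants and the probe logic are this example's own; the expansion reflects the OpenSSL build on your workstation, which can differ from the one inside ESXi, so treat the probe, not the expansion, as the authoritative check.

```python
#!/usr/bin/env python3
"""Expand OpenSSL cipher strings locally and probe which suites a TLS endpoint accepts.

Added example (not from the wiki page). Python's ssl module is backed by the
local OpenSSL, so expand() shows this machine's interpretation of the string.
"""
import socket
import ssl

FULL = "!aNULL:ECDHE+AESGCM:ECDHE+AES"  # the page's rhttpproxy cipherList
GCM_ONLY = "!aNULL:ECDHE+AESGCM"        # the same list with ':ECDHE+AES' dropped


def _context_for(cipher_string):
    """Client context whose cipher list is exactly cipher_string (no verification: we only probe)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx


def expand(cipher_string):
    """TLS 1.2 suite names the local OpenSSL matches for cipher_string.

    TLS 1.3 suites are left out: OpenSSL does not select them via this string.
    """
    return [c["name"] for c in _context_for(cipher_string).get_ciphers()
            if c.get("protocol") == "TLSv1.2"]


def non_aead_suites(cipher_string):
    """Subset of expand() that is not AEAD, i.e. the CBC-mode ECDHE+AES suites."""
    return [name for name in expand(cipher_string)
            if not any(tag in name for tag in ("GCM", "CCM", "CHACHA20"))]


def accepted_suites(host, port, cipher_string, timeout=5.0):
    """Offer each suite of cipher_string on its own in a TLS 1.2 handshake; return those accepted."""
    accepted = []
    for name in expand(cipher_string):
        ctx = _context_for(name)
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # pin 1.2 so the server cannot pick a 1.3 suite
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    accepted.append(tls.cipher()[0])
        except (ssl.SSLError, OSError):
            pass  # handshake refused, reset or timed out: the suite is not offered
    return accepted


if __name__ == "__main__":
    import sys

    for label, spec in (("page cipherList", FULL), ("GCM only", GCM_ONLY)):
        print(f"{label}: {spec}")
        for name in expand(spec):
            print("   ", name)
    print("CBC suites that ':ECDHE+AES' adds:", non_aead_suites(FULL))
    if len(sys.argv) == 3:  # usage: cipher_probe.py <esxi-host> <443|5989>
        host, port = sys.argv[1], int(sys.argv[2])
        print(f"accepted by {host}:{port}:", accepted_suites(host, port, FULL))
```

Run it without arguments to see the two expansions side by side, and with a host and port (443 for rhttpproxy, 5989 for sfcb) to list what the service really negotiates; nmap's ssl-enum-ciphers script (nmap --script ssl-enum-ciphers -p 443,5989 HOST) gives an independent second opinion that does not depend on your local OpenSSL.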

==== For port 5989 (CIM) on ESXi ====

  - Connect to the ESXi host through SSH.
  - Change to the /etc/sfcb directory.
  - Take a backup of the sfcb.cfg file.
  - Open the sfcb.cfg file in a text editor.
  - Add the following line:<code>sslCipherList: ECDHE+AESGCM:ECDHE+AES</code>
  - Restart the CIM service with this command:<code bash>/etc/init.d/sfcbd-watchdog restart</code>
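Both edits above (the cipherList element in /etc/vmware/rhttpproxy/config.xml for port 443 and the sslCipherList line in /etc/sfcb/sfcb.cfg for port 5989) done by one script, as an added example that is not part of this page or of VMware's tooling. It takes a timestamped backup before writing, creates the <vmacore>/<ssl>/<cipherList> path when it is absent, replaces an existing value instead of adding a second element or line, and leaves the two service restarts to you. The function names and the embedded sample files are constructed for the example; it assumes a Python 3.8 or newer interpreter with xml.etree available (run it on the host, or run the transforms on copies of the files on a workstation and copy the results back).

```python
#!/usr/bin/env python3
"""Set the TLS cipher list for rhttpproxy (443) and sfcb (5989) on ESXi.

Added example, not from the wiki page or from VMware. File paths and cipher
strings are the page's; the sample configs below are constructed for testing.
"""
import shutil
import time
import xml.etree.ElementTree as ET

RHTTPPROXY_CONFIG = "/etc/vmware/rhttpproxy/config.xml"
SFCB_CONFIG = "/etc/sfcb/sfcb.cfg"
CIPHER_LIST = "!aNULL:ECDHE+AESGCM:ECDHE+AES"  # page's rhttpproxy cipherList
CIM_CIPHER_LIST = "ECDHE+AESGCM:ECDHE+AES"     # page's sfcb sslCipherList

# Constructed samples (not real ESXi files), used by the self-test below.
SAMPLE_CONFIG_XML = """<?xml version="1.0" encoding="UTF-8"?>
<config>
  <!-- constructed sample: no cipherList yet -->
  <vmacore>
    <ssl>
      <doVersionCheck>false</doVersionCheck>
    </ssl>
  </vmacore>
</config>
"""
SAMPLE_SFCB_CFG = "# constructed sample sfcb.cfg\nhttpsPort: 5989\nenableHttps: true\n"


def set_rhttpproxy_ciphers(xml_text, cipher_list):
    """Return xml_text with config/vmacore/ssl/cipherList set to cipher_list.

    Missing elements on that path are created; an existing element is updated in
    place, so running this twice never produces two cipherList elements.
    Comments survive (insert_comments=True); the XML declaration is kept as is.
    """
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(xml_text, parser=parser)
    if root.tag != "config":
        raise ValueError(f"unexpected root element <{root.tag}>, expected <config>")
    node = root
    for tag in ("vmacore", "ssl", "cipherList"):
        child = node.find(tag)
        if child is None:
            child = ET.SubElement(node, tag)
            if len(node) > 1:  # put the new element on its own line like its siblings
                child.tail, node[-2].tail = node[-2].tail, node.text
        node = child
    node.text = cipher_list
    out = ET.tostring(root, encoding="unicode")
    head = xml_text.lstrip()
    if head.startswith("<?xml"):  # ElementTree drops the declaration; put it back
        out = head[: head.index("?>") + 2] + "\n" + out
    return out


def get_rhttpproxy_ciphers(xml_text):
    """Current config/vmacore/ssl/cipherList text, or None if the element is absent."""
    node = ET.fromstring(xml_text).find("vmacore/ssl/cipherList")
    return None if node is None else (node.text or "")


def set_sfcb_ciphers(cfg_text, cipher_list):
    """Return sfcb.cfg text with exactly one 'sslCipherList: ...' line (replaced or appended)."""
    out, done = [], False
    for line in cfg_text.splitlines():
        if line.split(":", 1)[0].strip() == "sslCipherList":
            if not done:
                out.append(f"sslCipherList: {cipher_list}")
                done = True
            continue  # drop any duplicate sslCipherList lines
        out.append(line)
    if not done:
        out.append(f"sslCipherList: {cipher_list}")
    return "\n".join(out) + "\n"


def apply_to_file(path, transform, cipher_list):
    """Back path up to path.bak-<timestamp>, rewrite it through transform, return the backup path."""
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    backup = f"{path}.bak-{time.strftime('%Y%m%d%H%M%S')}"
    shutil.copy2(path, backup)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(transform(original, cipher_list))
    return backup


if __name__ == "__main__":
    print("backup:", apply_to_file(RHTTPPROXY_CONFIG, set_rhttpproxy_ciphers, CIPHER_LIST))
    print("backup:", apply_to_file(SFCB_CONFIG, set_sfcb_ciphers, CIM_CIPHER_LIST))
    print("now run: /etc/init.d/rhttpproxy restart && /etc/init.d/sfcbd-watchdog restart")
```

The two transform functions are pure (text in, text out), which is why the file-writing part is kept separate: you can run them against a copied config.xml or sfcb.cfg first, diff the result against the original, and only then apply them on the host and restart the services.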


==== Websites & Information ====
  * [[https://williamlam.com/2023/07/configuring-tls-cipher-suites-in-esxi-8-0-update-1.html]]
  * [[https://kb.vmware.com/s/article/79476]]
  * [[https://core.vmware.com/vmware-vsphere-8-default-ssltls-cipher-suites]]