Change Cipher on ESXi

For port 443 (HTTPS) on ESXi

  1. Connect to the ESXi host through SSH.
  2. Take a backup of /etc/vmware/rhttpproxy/config.xml file.
  3. Open the /etc/vmware/rhttpproxy/config.xml file in a text editor.
  4. Find the line containing <cipherList>. If it doesn't exist, create it within the XML structure:
    <config>
      <vmacore>
         <ssl>
           <cipherList>...</cipherList>
         </ssl>
      </vmacore>
    </config>
  5. Replace it with this line:
    <cipherList>!aNULL:ECDHE+AESGCM:ECDHE+AES</cipherList>
  6. For the change to take effect, restart the rhttpproxy service with this command:
    /etc/init.d/rhttpproxy restart

If needed, delete the :ECDHE+AES part of the cipherList value as well.

For port 5989 (CIM) on ESXi

  1. Connect to the ESXi host through SSH.
  2. Navigate to the /etc/sfcb folder.
  3. Take a backup of the sfcb.cfg file.
  4. Open the sfcb.cfg file in a text editor.
  5. Add the below line:
    sslCipherList: ECDHE+AESGCM:ECDHE+AES
  6. Restart the CIM service by running this command:
    /etc/init.d/sfcbd-watchdog restart
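Both procedures above (backup, edit, restart) scripted as a POSIX sh example; this is an added example, not code from the page's author or from VMware. The file paths are parameters so the edit can be rehearsed on copies of config.xml and sfcb.cfg before touching the live files; the function names, the .bak suffix and the sample inputs are assumptions of this example.

```shell
# Added example (not from the page): edit the two ESXi cipher settings above.
# Paths are parameters; only apply_on_esxi touches the real files and restarts services.
set -eu
# Print the current <cipherList> value of an rhttpproxy config.xml (empty if absent).
get_cipher_list() {
  sed -n 's/.*<cipherList>\([^<]*\)<\/cipherList>.*/\1/p' "$1"
}
# Back up config.xml, then replace <cipherList> or create it inside
# <config><vmacore><ssl>, adding whichever of those elements is missing.
set_cipher_list() {
  cfg="$1"; ciphers="$2"
  cp "$cfg" "$cfg.bak"
  if   grep -q '<cipherList>' "$cfg"; then level=cipher
  elif grep -q '<ssl>'        "$cfg"; then level=ssl
  elif grep -q '<vmacore>'    "$cfg"; then level=vmacore
  else                                     level=config
  fi
  awk -v c="$ciphers" -v lvl="$level" '
    lvl == "cipher" && /<cipherList>/ {
      sub(/<cipherList>[^<]*<\/cipherList>/, "<cipherList>" c "</cipherList>")
    }
    { print }
    lvl == "ssl" && /<ssl>/ { print "      <cipherList>" c "</cipherList>" }
    lvl == "vmacore" && /<vmacore>/ {
      print "    <ssl>"; print "      <cipherList>" c "</cipherList>"; print "    </ssl>"
    }
    lvl == "config" && /<config>/ {
      print "  <vmacore>"; print "    <ssl>"
      print "      <cipherList>" c "</cipherList>"
      print "    </ssl>"; print "  </vmacore>"
    }
  ' "$cfg" > "$cfg.new" && mv "$cfg.new" "$cfg"
}
# Back up sfcb.cfg and set its sslCipherList line (replacing an existing one).
set_sfcb_cipher_list() {
  cfg="$1"; ciphers="$2"
  cp "$cfg" "$cfg.bak"
  grep -v '^sslCipherList:' "$cfg" > "$cfg.new" || true
  echo "sslCipherList: $ciphers" >> "$cfg.new"
  mv "$cfg.new" "$cfg"
}
# On the host itself: the page's values for both services, then the restarts.
apply_on_esxi() {
  set_cipher_list /etc/vmware/rhttpproxy/config.xml '!aNULL:ECDHE+AESGCM:ECDHE+AES'
  /etc/init.d/rhttpproxy restart
  set_sfcb_cipher_list /etc/sfcb/sfcb.cfg 'ECDHE+AESGCM:ECDHE+AES'
  /etc/init.d/sfcbd-watchdog restart
}
```

After the restarts, confirm from another machine with openssl s_client -connect <host>:443 (and :5989) that only ECDHE AES suites are negotiated, and keep the .bak files until that check passes.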

Websites & Information



Authors:
  • Jochen Schnürle