Enabling TLSv1 for vCloud Director 8.20

Posted on 09/03/2017 · Posted in VMware

Enabling TLS1 is needed for vCD 8.20 if you wish to use Usage Meter 3.50 (currently the latest release). The links provided in the vCD 8.20 release notes refer to the vCD 8.20 Documentation Center.

The funny thing is that all the commands talk about resetting to default protocols and disabling specific protocols. The default allowed protocols list has changed for vCD 8.20, and thus TLS1 can’t be enabled by resetting to defaults.

However, by disabling specific protocols we can enable the one we want. So by disabling SSLv3 and SSLv2Hello we enable TLS1. Now that’s funny :)

./cell-management-tool ssl-protocols -d SSLv3,SSLv2Hello

This is fairly counter-intuitive, so I thought I’d make this post. The same issue also affected our console connections, which got stuck in a “Disconnected” state.

The console-proxy.log showed the following errors:

2017-03-09 11:58:43,936 | DEBUG | consoleproxy | SimpleProxyConnectionHandler | Initiated handling for channel 0x44914b9e [java.nio.channels.SocketChannel[connected local=/n.n.n.n:443 remote=/y.y.y.y:61649]] |
2017-03-09 11:58:43,938 | DEBUG | pool-consoleproxy-4-thread-5734 | SSLHandshakeTask | Exception during handshake: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported |
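To see which protocol versions the console proxy is rejecting, and roughly which clients are asking for them, the handshake errors can be tallied straight from console-proxy.log. This is an added example, not part of the original post or of vCD's tooling; the function name and the sample addresses are made up for illustration, and the client attribution assumes the rejected handshake belongs to the most recently accepted connection.

```python
import re
from collections import Counter

# Constructed sample in the format of the two log lines shown in the post
# (addresses are documentation-range placeholders, not real hosts).
SAMPLE_LOG = """\
2017-03-09 11:58:43,936 | DEBUG | consoleproxy | SimpleProxyConnectionHandler | Initiated handling for channel 0x44914b9e [java.nio.channels.SocketChannel[connected local=/192.0.2.10:443 remote=/198.51.100.7:61649]] |
2017-03-09 11:58:43,938 | DEBUG | pool-consoleproxy-4-thread-5734 | SSLHandshakeTask | Exception during handshake: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported |
2017-03-09 11:59:02,101 | DEBUG | consoleproxy | SimpleProxyConnectionHandler | Initiated handling for channel 0x1a2b3c4d [java.nio.channels.SocketChannel[connected local=/192.0.2.10:443 remote=/198.51.100.8:50211]] |
2017-03-09 11:59:05,412 | DEBUG | consoleproxy | SimpleProxyConnectionHandler | Initiated handling for channel 0x5e6f7a8b [java.nio.channels.SocketChannel[connected local=/192.0.2.10:443 remote=/198.51.100.7:61702]] |
2017-03-09 11:59:05,415 | DEBUG | pool-consoleproxy-4-thread-5735 | SSLHandshakeTask | Exception during handshake: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported |
this line is not in the expected format and is skipped
"""

REMOTE_RE = re.compile(r"remote=/([^:\]\s]+):\d+")
REJECT_RE = re.compile(r"SSLHandshakeException: Client requested protocol (\S+) not enabled or not supported")


def rejected_protocols(log_text):
    """Return (Counter by protocol, Counter by (protocol, remote address))."""
    by_protocol, by_client = Counter(), Counter()
    last_remote = None
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) < 5:          # not a pipe-delimited log record
            continue
        component, message = fields[3], fields[4]
        if component == "SimpleProxyConnectionHandler":
            m = REMOTE_RE.search(message)
            if m:
                last_remote = m.group(1)
        elif component == "SSLHandshakeTask":
            m = REJECT_RE.search(message)
            if m:
                by_protocol[m.group(1)] += 1
                # Best effort: the exception line has no channel id, so the
                # client is assumed to be the most recently accepted connection.
                by_client[(m.group(1), last_remote or "unknown")] += 1
    return by_protocol, by_client


if __name__ == "__main__":
    protocols, clients = rejected_protocols(SAMPLE_LOG)
    for (proto, remote), n in clients.most_common():
        print(f"{proto:8} {remote:16} {n} rejected handshake(s)")
```

Run against the real log before and after changing the protocol list, the same tally shows whether the rejections have stopped and which clients would need upgrading before TLSv1 can be turned off again.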