It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Intronis Backup
formerly ECHOplatform

Enabling TLS 1.0 in vSphere 6.5

  • Last updated on

In order for the Backup Agent to back up virtual machines hosted in a vSphere 6.5 environment, TLS 1.0 must be enabled on all ESXi hosts. This is not limited to only those host servers involved in backups (hosting either source or recovery virtual machines) but all hosts in a cluster. These directions do not apply to versions of vSphere preceding 6.5.

Directions


Generic

The change you will need to make involves two steps, however, there are many ways to accomplish them. The generic case will outline those steps while the following section will provide a specific method for carrying out those steps. To enable TLS 1.0 on an ESXi host, do the following:

  1. Add the following line to the file "/etc/vmware/config"
    tls.protocols=tls1.0,tls1.1,tls1.2
  2. Restart the rhttpproxy service on the ESXi host
Example
Disclamer Intronis does not assume liability for any changes you make to your VMware environment. If you are unsure of how to implement the changes offered above, we recommend you contact VMware support for advice and guidance in that matter.

To carry out the goals above, this example will use PuTTY to access the ESXi host's files and services.

Allow SSH on ESXi Server
  1. In order to use PuTTY with the ESXi server, we will need to allow SSH connections through the server's firewall as well as start the SSH service. From the Home > Inventory > Hosts and Clusters view, go to the Configuration tab for the host you want to edit.
    enabletlsesxi1.png
  2. On the page labeled Security Profile, go to the Properties... link in the Services section and start the service called SSH.
    enabletlsesxi3.png
  3. Going back to the Security Profile page, click on the Properties... link in the Firewall section and check the box for SSH Server.
    enabletlsesxi4.png
Alter Config File and Restart RHTTPProxy
  1. Next, open up PuTTY, connect to the ESXi host, and log in.
    enabletlsesxi4.png
  2. Edit the "/etc/vmware/config" file using the built-in text editor, vi, with the command: vi /etc/vmware/config
    enabletlsesxi5.png
  3. When the file is opened, hit Enter until you get to the last line. Then, hit the "O" key to begin editing the line below it – on that line, enter the following: tls.protocols=tls1.0,tls1.1,tls1.2
    enabletlsesxi6.png
    Hit the "Esc" key to exit editing then type :wq and hit the "Enter" key to save the file and exit.
  4. Finally, to restart the rhttpproxy service, use the command: /etc/init.d/rhttpproxy restart
    enabletlsesxi7revised.png
  5. After completing these steps, it is advised you go back and stop the SSH service on the ESXi host.