
Hardening an environment is always a matter of long discussion, and in some cases it requires a lot of additional advanced configuration in order to meet the “Security” standards. If you got here, you are probably dealing with all of this, in particular with TLS protocol hardening. Before getting to the point of this article, I really recommend reading the great VMware documentation you can find here: https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.security.doc/GUID-82028A21-8AB5-4E2E-90B8-A01D1FAD77B1.html

In my case, I’ve already done the steps needed to disable the TLS 1.0 and 1.1 protocols on my vCenter with Embedded PSC, and now I need to perform the step for the ESXi hosts.
I'll just paste the step here directly from the VMware documentation:

At this point, I just followed this step to disable TLS 1.0 and 1.1 for a cluster (https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-BDCE47DD-8AD2-4C98-94FF-7769D0BEE1C2.html) by launching this command:

./reconfigureEsx vCenterCluster -c Cluster_Name -u administrator@vsphere.local -p TLSv1.2

but immediately after that, I got the following error:

“EOF occurred in violation of protocol”

While researching the error, I found in this Reddit thread a user who had the exact same issue. In the end, the solution for him was to get in touch with support and disable the “Proxy”, if you have it configured, in the appliance VAMI but ALSO via SSH by modifying the file “/etc/sysconfig/proxy” that stores that configuration. To do that, I just opened the file with an editor, “vi” for example, and changed this line:

PROXY_ENABLED="yes" into PROXY_ENABLED="no"

After that, you must reboot the vCenter to let the changes take effect:

reboot -f
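
The proxy file edit described above, as an added shell example that is not part of the original post: it backs up the file before changing PROXY_ENABLED and does nothing if the value is already "no". The function names `proxy_state` and `disable_proxy` and the `.bak.<timestamp>` backup name are assumptions made for this example.

```shell
# Added example (not from the original post). Run as root on the appliance.

proxy_state() {
    # Print the last PROXY_ENABLED value in file $1 without quotes (empty if unset).
    grep -E '^[[:space:]]*PROXY_ENABLED=' "$1" | tail -n 1 | cut -d= -f2- | tr -d "\"' \t"
}

disable_proxy() {
    # Default path is the file named in the post; pass a copy's path to rehearse.
    file="${1:-/etc/sysconfig/proxy}"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    state="$(proxy_state "$file")"
    if [ "$state" = "no" ]; then
        echo "PROXY_ENABLED is already \"no\" in $file"
        return 0
    fi
    if [ -z "$state" ]; then
        echo "no PROXY_ENABLED line in $file, nothing changed" >&2
        return 3
    fi

    # Keep a timestamped copy so the proxy settings can be restored later.
    backup="$file.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$file" "$backup" || return 1

    # Rewrite only the PROXY_ENABLED line; cat back into place so the
    # file keeps its owner and mode.
    tmp="$(mktemp)" || return 1
    sed 's/^\([[:space:]]*PROXY_ENABLED=\).*$/\1"no"/' "$file" > "$tmp" \
        && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 1

    if [ "$(proxy_state "$file")" != "no" ]; then
        echo "edit failed, restore from $backup" >&2
        return 1
    fi
    echo "PROXY_ENABLED set to \"no\" in $file (backup: $backup)"
}

# On the appliance: disable_proxy && echo "now reboot the vCenter"
```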


Giovanni Dominoni's Tech Blog