vRealize Operations Manager disables SSLv3 by default. You must disable weak protocols on all load balancers before you put the system into production.

1. Verify that the protocols are enabled. Run the following commands on each node:

grep cluster-ssl-protocol /usr/lib/vmware-vcops/user/conf/gemfire.properties | grep -v '#'

The following result is expected:

cluster-ssl-protocols=TLSv1.2 TLSv1.1 TLSv1

grep cluster-ssl-protocol /usr/lib/vmware-vcops/user/conf/gemfire.native.properties | grep -v '#'

The following result is expected:

cluster-ssl-protocols=TLSv1.2 TLSv1.1 TLSv1

grep cluster-ssl-protocol /usr/lib/vmware-vcops/user/conf/gemfire.locator.properties | grep -v '#'

The following result is expected:

cluster-ssl-protocols=TLSv1.2 TLSv1.1 TLSv1

2. Disable TLS 1.0.

a. Navigate to the administrator user interface at url/admin.

b. Click Bring Offline.

c. To disable SSLv3 and TLS 1.0, run the following commands:

sed -i "/^[^#]*cluster-ssl-protocol/ c\cluster-ssl-protocols=TLSv1.2 TLSv1.1" /usr/lib/vmware-vcops/user/conf/gemfire.properties
sed -i "/^[^#]*cluster-ssl-protocol/ c\cluster-ssl-protocols=TLSv1.2 TLSv1.1" /usr/lib/vmware-vcops/user/conf/gemfire.native.properties
sed -i "/^[^#]*cluster-ssl-protocol/ c\cluster-ssl-protocols=TLSv1.2 TLSv1.1" /usr/lib/vmware-vcops/user/conf/gemfire.locator.properties

Repeat this step for each node.

d. Navigate to the administrator user interface.

e. Click Bring Online.

3. Reenable TLS 1.0.

a. Navigate to the administrator user interface to bring the cluster offline: url/admin.

b. Click Bring Offline.

c. To reenable TLS 1.0 while keeping SSLv3 disabled, run the following commands:

sed -i "/^[^#]*cluster-ssl-protocol/ c\cluster-ssl-protocols=TLSv1.2 TLSv1.1 TLSv1" /usr/lib/vmware-vcops/user/conf/gemfire.properties
sed -i "/^[^#]*cluster-ssl-protocol/ c\cluster-ssl-protocols=TLSv1.2 TLSv1.1 TLSv1" /usr/lib/vmware-vcops/user/conf/gemfire.native.properties
sed -i "/^[^#]*cluster-ssl-protocol/ c\cluster-ssl-protocols=TLSv1.2 TLSv1.1 TLSv1" /usr/lib/vmware-vcops/user/conf/gemfire.locator.properties

Repeat this step for each node.

d. Navigate to the administrator user interface to bring the cluster online.

e. Click Bring Online.
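
The per-file grep checks in step 1 can be combined into one audit that reports, for each of the three property files, whether the active cluster-ssl-protocols line still lists TLS 1.0 or SSLv3. This is an added example, not part of the VMware procedure; the function names and the status labels are assumptions made for illustration.

```bash
# Added example: audit cluster-ssl-protocols in the three GemFire property
# files from the procedure. Function names are illustrative assumptions.
CONF_DIR_DEFAULT=/usr/lib/vmware-vcops/user/conf   # path used in the procedure
GEMFIRE_FILES="gemfire.properties gemfire.native.properties gemfire.locator.properties"

# Print the protocol list from the last active (uncommented) setting in file $1.
active_protocols() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null |
        sed -n 's/^[[:space:]]*cluster-ssl-protocols[[:space:]]*=[[:space:]]*//p' |
        tail -n 1
}

# Return 0 if only TLSv1.1/TLSv1.2 are listed, 1 if anything else is listed
# (TLSv1, SSLv3, unknown tokens), 2 if the file has no active setting.
check_protocols() {
    local protos p
    protos=$(active_protocols "$1")
    [ -n "$protos" ] || return 2
    for p in $protos; do
        case "$p" in
            TLSv1.1|TLSv1.2) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Check all three files under directory $1 (default: the product path).
# Prints one status line per file; returns non-zero if any file is not hardened.
audit_node() {
    local dir f rc status
    dir=${1:-$CONF_DIR_DEFAULT}
    status=0
    for f in $GEMFIRE_FILES; do
        rc=0
        check_protocols "$dir/$f" || rc=$?
        case "$rc" in
            0) echo "OK    $f: $(active_protocols "$dir/$f")" ;;
            1) echo "WEAK  $f: $(active_protocols "$dir/$f")"; status=1 ;;
            *) echo "UNSET $f: no active cluster-ssl-protocols line"; status=1 ;;
        esac
    done
    return "$status"
}
```

Run `audit_node` with no argument on each node: after step 2 it should print three OK lines, and after step 3 it reports WEAK for each file because TLSv1 is listed again.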