Use the ssl-protocols command of the cell management tool to configure the set of SSL protocols that the cell offers to use during the SSL handshake process.
When a client makes an SSL connection to a vCloud Director cell, the cell offers to use only those protocols that are configured on its list of allowed SSL protocols. Several protocols, including SSLv3 and SSLv2Hello, are not on the default list because they are known to have serious security vulnerabilities.
To manage the list of allowed SSL protocols, use a command line with the following form:
cell-management-tool ssl-protocols options
Use the --all-allowed (-a) option to list all the SSL protocols that the cell can be allowed to offer during an SSL handshake.
[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool ssl-protocols -a
Product default SSL protocols:
TLSv1.2
TLSv1.1
TLSv1
SSLv3
SSLv2Hello
This list is typically a superset of the SSL protocols that the cell is configured to support. To list those SSL protocols, use the --list (-l) option.
[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool ssl-protocols -l
Allowed SSL protocols:
TLSv1.2
TLSv1.1
TLSv1
Use the --disallow (-d) option to reconfigure the list of disallowed SSL protocols. This option requires a comma-separated list of the subset of allowed protocols produced by ssl-protocols -a.
This example removes the TLSv1 SSL protocol from the list of allowed SSL protocols.
[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool ssl-protocols -d TLSv1,SSLv3,SSLv2Hello
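The following added example (not part of the product documentation or of the cell management tool) derives the -d argument from ssl-protocols -a output and checks ssl-protocols -l output for protocols that should no longer be offered. The function names are hypothetical, the sample output is constructed from the listings above, and the choice of which protocols to keep is an assumption passed in as arguments.

```shell
#!/bin/sh
# Added example: helper functions around the ssl-protocols listings.

# Read tool output on stdin and print one protocol name per line.
# Heading words, prompts and "*" bullets do not match and are dropped, so
# one-per-line and space-separated layouts are both accepted.
list_protocols() {
    tr -s ' \t' '\n' | grep -E '^(TLSv[0-9]+(\.[0-9]+)?|SSLv[0-9A-Za-z]+)$'
}

# disallow_arg KEEP...: read `ssl-protocols -a` output on stdin and print the
# comma-separated list of every protocol that is NOT in KEEP.
disallow_arg() {
    keep=" $* "
    out=""
    for p in $(list_protocols); do
        case "$keep" in
            *" $p "*) ;;                       # protocol stays allowed
            *) out="${out:+$out,}$p" ;;        # protocol goes on the -d list
        esac
    done
    printf '%s\n' "$out"
}

# audit_allowed WEAK...: read `ssl-protocols -l` output on stdin, print any
# allowed protocol that appears in WEAK, and return 1 if one was found.
audit_allowed() {
    weak=" $* "
    found=""
    for p in $(list_protocols); do
        case "$weak" in *" $p "*) found="${found:+$found }$p" ;; esac
    done
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample output, modelled on the listings shown above.
SAMPLE_ALL='Product default SSL protocols:
TLSv1.2
TLSv1.1
TLSv1
SSLv3
SSLv2Hello'
SAMPLE_ALLOWED='Allowed SSL protocols:
TLSv1.2
TLSv1.1
TLSv1'

arg=$(printf '%s\n' "$SAMPLE_ALL" | disallow_arg TLSv1.2 TLSv1.1)
echo "./cell-management-tool ssl-protocols -d $arg"
```

On a cell, pipe the real output of ssl-protocols -a into disallow_arg, then run audit_allowed against ssl-protocols -l after the change to confirm the result.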