HPE Community
HPE OneView
1833758 Members
2678 Online
110063 Solutions
New Discussion

OneView for vCenter - Disable TLS 1.0/1.1

 
SOLVED
Go to solution
msobers22
Trusted Contributor

‎08-24-2023 10:35 AM - last edited on ‎08-24-2023 09:15 PM by

‎08-24-2023 10:35 AM - last edited on ‎08-24-2023 09:15 PM by

OneView for vCenter - Disable TLS 1.0/1.1

Hello,

The OneView for vCenter (OV4VC) appliance is getting flagged by security for TLS vunerabilites. DO anyone know how to disable TLS version 1.0 and 1.1 on the appliance. The user guide is no help. 

 

Thanks in advance

0 Kudos
Reply
8 REPLIES 8
support_s
System Recommended

‎08-24-2023 11:36 AM

‎08-24-2023 11:36 AM

Query: OneView for vCenter - Disable TLS 1.0/1.1

System recommended content:

1. HPE OneView for VMware vCenter 11.1.0 Installation Guide | HPE OneView for VMware vCenter compatibility matrix

2. HPE OneView for VMware vCenter 11.1.0 User Guide | HPE OneView for VMware vCenter integration with VMware vSphere Lifecycle Manager

 

Please click on "Thumbs Up/Kudo" icon to give a "Kudo".

 

Thank you for being a HPE valuable community member.


Accept or Kudo

0 Kudos
Reply
ChrisLynch
HPE Pro

‎08-24-2023 07:21 PM

‎08-24-2023 07:21 PM

Re: OneView for vCenter - Disable TLS 1.0/1.1

What version of the OV4VC appliance are you using?
I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
msobers22
Trusted Contributor

‎08-24-2023 07:34 PM

‎08-24-2023 07:34 PM

Re: OneView for vCenter - Disable TLS 1.0/1.1

Version 11.2

0 Kudos
Reply
ChrisLynch
HPE Pro

‎08-25-2023 09:24 AM - edited ‎08-25-2023 10:27 AM

‎08-25-2023 09:24 AM - edited ‎08-25-2023 10:27 AM

Solution

Re: OneView for vCenter - Disable TLS 1.0/1.1

[UPDATED]

Thanks.  I verified with our R&D team that the OneView for VMware vCenter (OV4VC) 11.2 10.3 is the last release to support both TLS 1.0 and 1.1.  You need to update the appliance to 11.3  10.3 or newer in order to for the use of TLS 1.2.  TLS 1.0 and 1.1 are both deprecated and removed when you have OV4VC 10.3 or newer deployed.

Since you have reported the OV4VC appliance is at 11.2, I have some follow up questions:

  • What tool did you use to verify this? 
  • What port(s) did you "scan"? 
  • Does the IP or FQDN (as resovled IP address) match that of the OV4VC appliance?
I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Reply
msobers22
Trusted Contributor

‎08-25-2023 10:44 AM

‎08-25-2023 10:44 AM

Re: OneView for vCenter - Disable TLS 1.0/1.1

Hi @ChrisLynch,

 

Thatnks for the reply. The enviroment with the OV4VC belongs to a customer. I have no idea what scanning software was used to flag the vulnerability.

I just looked at your reply again, so are you sayingh that OV4VC ver 11.2 shouldn't have TLS 1.0 or 1.1 installed at all?

I will ask my customer about the ports and scanning tool.     

Thanks

//MS

0 Kudos
Reply
ChrisLynch
HPE Pro

‎08-25-2023 10:46 AM

‎08-25-2023 10:46 AM

Re: OneView for vCenter - Disable TLS 1.0/1.1

I just looked at your reply again, so are you sayingh that OV4VC ver 11.2 shouldn't have TLS 1.0 or 1.1 installed at all?

Correct.  Which is why I'm asking the follow up questions.  TLS 1.0 and 1.1 should not be available, as we actively disabled those TLS versions.  The OV4VC appliance does not have any configuration options to enable or disable TLS versions.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
msobers22
Trusted Contributor

‎08-28-2023 02:28 PM

‎08-28-2023 02:28 PM

Re: OneView for vCenter - Disable TLS 1.0/1.1

Hey @ChrisLynch 

I finally got the rest of the story from the client. He actually has two instances of OV4VC running inhis environment. The instance that alerted in the security scan is running version 9.5.1 that is why TLS 1.0/1.1 are still active. 

Can they upgrade directly to the latest version or do they need to upgrade in steps? 

Thanks again for the help

 

 

0 Kudos
Reply
DanCernese
HPE Pro

‎08-28-2023 02:31 PM - edited ‎08-28-2023 02:34 PM

‎08-28-2023 02:31 PM - edited ‎08-28-2023 02:34 PM

Re: OneView for vCenter - Disable TLS 1.0/1.1

https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-a00118707en_us has the upgrade matrix..  Although I see now it doesn't go back that far.



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.