Apr 19

Supported vSphere vCenter and ESXi Ciphers

Hi everyone,

One question that comes up regularly is “What ciphers are supported on vCenter and ESXi?”. I’m happy to share that we have published a VMware Knowledge Base article outlining the supported ciphers!

With all of the challenges around SSL/TLS the past year or two, having a solid idea of what ciphers are being used is becoming critical information that is necessary for IT and security teams to do their jobs.

Rather than list the ciphers here, I’ll just point you at the KB as it will be the central repository for this information and will be updated as necessary.

Please note that on some products like VCSA you’ll find more than one OpenSSL binary. For example, the VCSA will ship with a default OpenSSL binary from SUSE, the OS provider and from VMware. VMware uses OpenSSL we develop and ship and not the OS binaries. When this list was created it was done using the VMware binaries. This is helpful to understand in case your scanning tools only check against the OS binaries and report a false positive.

If you have questions, please respond directly to the KB using the provided feedback mechanism at the end of the KB article.

Thanks for reading!

If you liked these posts, please let me know! If you have comments, please reply here, to @vspheresecurity or @mikefoley on Twitter or via email to mfoley@VMware.com or mike@yelof.com