The VMware vSphere 8 default SSL/TLS cipher suites have received an update from the vSphere 7 defaults and got rid of some legacy stuff. Still, there might be a compliance requirement to reduce this list even further. The goal of this post is to get rid of everything that is SHA1-based (e.g. AES256-SHA) on the vCenter...
Recently another TAM requested some information on this topic in VMware’s Slack, finally giving me the push to publish, as I had this post in my drafts for ages. Granted, it is somewhat of an edge case for only a handful of customers, and the problem itself is not new, but here is my take. As always, please do your own research...