Capture the output from the check GET command and update the TLS 1.1 protocol to false.
Execute the following API call using curl or another REST API client:
PUT https://<nsx-mgr>/api/v1/cluster/api-service
Example request body:
{
"global_api_concurrency_limit": 199,
"client_api_rate_limit": 100,
"client_api_concurrency_limit": 40,
"connection_timeout": 30,
"redirect_host": "",
"cipher_suites": [
{"enabled": true, "name": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
{"enabled": true, "name": "TLS_RSA_WITH_AES_256_GCM_SHA384"},
{"enabled": true, "name": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
{"enabled": true, "name": "TLS_RSA_WITH_AES_128_GCM_SHA256"}
{"enabled": true, "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384}",
{"enabled": true, "name": "TLS_RSA_WITH_AES_256_CBC_SHA256"},
{"enabled": true, "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"},
{"enabled": true, "name": "TLS_RSA_WITH_AES_256_CBC_SHA"},
{"enabled": true, "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
{"enabled": true, "name": "TLS_RSA_WITH_AES_128_CBC_SHA256"},
{"enabled": false, "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"},
{"enabled": false, "name": "TLS_RSA_WITH_AES_128_CBC_SHA"}
],
"protocol_versions": [
{"enabled": false, "name": "TLSv1.1"},
{"enabled": true, "name": "TLSv1.2"}
]
}
Note: Changes are applied to all nodes in the cluster. The API service on each node will restart after it is updated using this API. There may be a delay of up to a minute or so between the time this API call completes and when the new configuration goes into effect.