My versions:
vCenter Server 5.5 Update 2d | 27 JAN 2015 | Build 2442329
VMware ESXi™ 5.5 Update 3b | 8 DEC 2015 | 3248547
VMware Product Interoperability Matrixes says that vCenter Server 5.5u2 is a valid combo with ESXi 5.5U3.
The patch for ESXi 5.5u3b / build 3248547 disables SSLv3 (to remediate the POODLE SSL vulnerability); see the VMware ESXi 5.5 Update 3b Release Notes.
I found that after applying the patch to an ESXi host and rebooting it, vCenter could not reconnect the host.
vCenter server's /var/log/vmware/vpx/vpxd.log:
[timestamp] [[...] error 'HttpConnectionPool-006630'] [ConnectComplete] Connect failed to <cs p:[...], TCP:esxi01.example.com:443>; cnx: (null), error: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)
The steps in VMware KB: Enabling SSLv3 protocol on vSphere 5.5 (hostd section) work to un-break the connectivity of vCenter to the updated ESXi host, but of course that re-enables the vulnerable SSLv3, which is undesired.
Is there a way to make ESXi 5.5 3248547 work with VCSA 5.5u2d 2442329, with both sides avoiding SSLv3?
Am I correct to assume that updating VCSA to 5.5u3 will change VCSA's SSL version behavior to work without SSLv3?
Thanks!