Avamar: 7.4 vmware image backup/restore fails with SSL unsupported protocol error with older esxi releases
Summary: Avamar: 7.4 vmware image backup/restore fails with SSL unsupported protocol error with older esxi releases
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Avamar 7.4 proxy is first release to use newer VDDK 6.5 library.
Avamar 7.4 proxy image backup/restore fails connect to esx due to ssl unsupported protocol:
avvcbimage Info <16041>: VDDK:VMware VixDiskLib (6.5) Release build-424160
...
avvcbimage Info <16041>: VDDK:lib/ssl: protocol list tls1.2
..
avvcbimage Info <40638>: VM Host Name=esxi.example.com(5.1 build-xxxxx)
...
avvcbimage Info <16041>:VDDK:VixDiskLib: VixDiskLib_OpenEx: Open a disk.
....
avvcbimage Warning <16041>: VDDK:SSL: Unknown SSL Error
avvcbimage Info <16041>: VDDK:SSL Error: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
avvcbimage Warning <16041>: VDDK:SSL: connect failed (1)
Avamar 7.4 proxy image backup/restore fails connect to esx due to ssl unsupported protocol:
avvcbimage Info <16041>: VDDK:VMware VixDiskLib (6.5) Release build-424160
...
avvcbimage Info <16041>: VDDK:lib/ssl: protocol list tls1.2
..
avvcbimage Info <40638>: VM Host Name=esxi.example.com(5.1 build-xxxxx)
...
avvcbimage Info <16041>:VDDK:VixDiskLib: VixDiskLib_OpenEx: Open a disk.
....
avvcbimage Warning <16041>: VDDK:SSL: Unknown SSL Error
avvcbimage Info <16041>: VDDK:SSL Error: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
avvcbimage Warning <16041>: VDDK:SSL: connect failed (1)
Cause
Unsupported configuration.
VDDK 6.5 by default only support ESX 5.5U3b or later due to SSL TLS 1.0/1.1 vulnerabilities:
http://pubs.vmware.com/Release_Notes/en/developer/vddk/65/vsphere-vddk-65-release-notes.html
Backward compatibility of TLS with vSphere 5.5U3. If a vSphere 6.5 customer sets TLS v1.2 authentication as mandatory, backups fail on ESXi 5.5U3 and earlier hosts, with SSL Exception errors.The fix is to upgrade those ESXi hosts to 5.5U3e or later.
VDDK 6.5 by default only support ESX 5.5U3b or later due to SSL TLS 1.0/1.1 vulnerabilities:
http://pubs.vmware.com/Release_Notes/en/developer/vddk/65/vsphere-vddk-65-release-notes.html
Backward compatibility of TLS with vSphere 5.5U3. If a vSphere 6.5 customer sets TLS v1.2 authentication as mandatory, backups fail on ESXi 5.5U3 and earlier hosts, with SSL Exception errors.The fix is to upgrade those ESXi hosts to 5.5U3e or later.
Resolution
As per VMware ESX 5.0/5.1 are no longer supported the recommendation resolution step would be to upgrade esxi to 5.5U3 or higher:
http://pubs.vmware.com/Release_Notes/en/developer/vddk/65/vsphere-vddk-65-release-notes.html
"A workaround is to modify one of two configuration files on the VDDK proxy. The /etc/vmware/config or CommonAppDataFolder\config.ini file sets the entire proxy, while $USER/.vmware/config or %USERNAME%\AppData\config.ini sets just one user. Add the following line to the appropriate file:
tls.protocols=tls1.0,tls1.1,tls1.2"
http://pubs.vmware.com/Release_Notes/en/developer/vddk/65/vsphere-vddk-65-release-notes.html
"A workaround is to modify one of two configuration files on the VDDK proxy. The /etc/vmware/config or CommonAppDataFolder\config.ini file sets the entire proxy, while $USER/.vmware/config or %USERNAME%\AppData\config.ini sets just one user. Add the following line to the appropriate file:
tls.protocols=tls1.0,tls1.1,tls1.2"
For Avamar proxy: 1 ssh into avamar proxy as root 2. edit the /etc/vmware/config using vi add the following to the bottom of file: tls.protocols=tls1.0,tls1.1,tls1.2 For example: BEFORE: .encoding = "UTF-8" vmware.fullpath = "/usr/bin/vmware" vix.libdir = "/usr/lib/vmware-vix" AFTER: .encoding = "UTF-8" vmware.fullpath = "/usr/bin/vmware" vix.libdir = "/usr/lib/vmware-vix" tls.protocols=tls1.0,tls1.1,tls1.2 |
Affected Products
AvamarProducts
AvamarArticle Properties
Article Number: 000167472
Article Type: Solution
Last Modified: 05 Mar 2025
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.