To address security vulnerabilities such as SWEET32 and SSL RC4 Cipher Suites Supported (Bar Mitzvah), the VM Access Proxy now supports a configurable white list of protocols and ciphers. This means that the VMware Remote Console (VMRC) plug-in will no longer work by default; you must edit the config.properties file on the appliance to enable the VMRC plug-in, which is required for console connections to VMs on vCenter versions earlier than 5.0.


In addition, only TLSv1.2 is now supported by default. To enable another version of TLS, you must edit the config.properties file. This article provides instructions on how to do this using two different clients, but you may make the edits using any application, including vi right from the shell.

To use the clients covered in this article, you must first enable SSH and make the config.properties file writeable.


  1. Login to the VM Access Proxy using a console connection.

    username
    : vcommander
    password: gRHrB211

  2. Issue the command sudo service ssh start.

    blob1477576488135.png
  3. Issue the command sudo chmod -R 777 /etc/tomcat7/config.properties.
  4. When you complete your configuration changes, restart the VM Access Proxy appliance to stop the SSH service and load the changes.


Using Filezilla to Edit config.properties


Filezilla is a free, open source FTP client that also supports secure copy.

Download and install Filezilla and complete the steps below to connect and edit the config.properties file.


  1. Under the File menu, choose Site Manager.
  2. Click New Site and name it VM Access Proxy.
  3. Enter the hostname or IP address of the VM Access Proxy in the Host field.
  4. Choose SFTP - SSH File Transfer Protocol from the Protocol menu.
  5. Choose Normal as the Logon Type.
  6. Enter the Username (vcommander) and Password (gRHrB211).
  7. Click Connect.
  8. If you are using the self-signed certificate, you will receive a warning that the connection is untrusted. Check Always trust this host, add this key to the cache and click OK.

  9. Enter /etc/tomcat7/ in the Remote Site pane.

  10.  Right-click config.properties and choose View/Edit.
  11. Edit consoleproxy.ssl.protocol to allow TLSv1.0 or TLSv1.1 as appropriate, and add any additional ciphers to the ssl.ciphers.allowed list.


  12. Save the file. 

  13. Restart the VM Access Proxy appliance.


Using WinSCP to Edit config.properties


WinSCP is a free, open source secure copy client for Windows.


Download and install WinSCP and complete the steps below to connect and edit the config.properties file.


  1. Choose SFTP as the File protocol.
  2. Enter the hostname or IP address of the VM Access Proxy in the Hostname field.
  3. Enter the Unsername (vcommander) and Password (gRHrB211).
  4. Click Login.
  5. When presented with the authentication banner, click Continue.



  6. Browse to /etc/tomcat7/.
  7. Right-click config.properties and choose Edit > Edit.

  8. Edit consoleproxy.ssl.protocol to allow TLSv1.0 or TLSv1.1 as appropriate, and add any additional ciphers to the ssl.ciphers.allowed list.


  9. Save the file. It's safe to ignore any errors about setting permissions.

  10. Restart the VM Access Proxy appliance.