VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - sslv3

Information

Transport Layer Security (TLS) is a required transmission protocol for a web server hosting controlled information. The use of TLS provides confidentiality of data in transit between the web server and client. FIPS 140-2 approved TLS versions must be enabled, and non-FIPS-approved SSL versions must be disabled.

VAMI comes configured to use only TLS 1.2. This configuration must be verified and maintained.

Solution

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf.

Replace any and all 'ssl.use-*' lines with following:

ssl.use-tlsv12 = 'enable'
ssl.use-sslv2 = 'disable'
ssl.use-sslv3 = 'disable'
ssl.use-tlsv10 = 'disable'
ssl.use-tlsv11 = 'disable'

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

Item Details

References: CAT|I, CCI|CCI-002418, Rule-ID|SV-239741r679333_rule, STIG-ID|VCLD-67-000034, Vuln-ID|V-239741

Plugin: Unix

Control ID: 4c22e3e5b6243df045487ec291ced699c25533f036b037f08f17ebd71621a252