VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - tlsv11

Information

Transport Layer Security (TLS) is a required transmission protocol for a web server hosting controlled information. The use of TLS provides confidentiality of data in transit between the web server and client. FIPS 140-2 approved TLS versions must be enabled, and non-FIPS-approved SSL versions must be disabled.

VAMI comes configured to use only TLS 1.2. This configuration must be verified and maintained.

Solution

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf.

Replace any and all 'ssl.use-*' lines with following:

ssl.use-tlsv12 = 'enable'
ssl.use-sslv2 = 'disable'
ssl.use-sslv3 = 'disable'
ssl.use-tlsv10 = 'disable'
ssl.use-tlsv11 = 'disable'

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8, CAT|I, CCI|CCI-002418, Rule-ID|SV-239741r879810_rule, STIG-ID|VCLD-67-000034, Vuln-ID|V-239741

Plugin: Unix

Control ID: 5eaf14d200d543e253b46531ad1da241f073b54ce03e081133be78b7c519f851