VCLD-70-000024 - VAMI must implement Transport Layer Security (TLS) 1.2 exclusively.

Information

TLS is a required transmission protocol for a web server hosting controlled information. The use of TLS provides confidentiality of data in transit between the web server and client. FIPS 140-2 approved TLS versions must be enabled, and non-FIPS-approved Secure Sockets Layer (SSL) versions must be disabled.

VAMI comes configured to use only TLS 1.2. This configuration must be verified and maintained.

Satisfies: SRG-APP-000439-WSR-000156, SRG-APP-000442-WSR-000182

Solution

Navigate to and open:

/opt/vmware/etc/lighttpd/lighttpd.conf

Replace all 'ssl.use-*' lines with the following:

ssl.use-sslv2='disable'
ssl.use-sslv3='disable'
ssl.use-tlsv10='disable'
ssl.use-tlsv11='disable'
ssl.use-tlsv12='enable'

Restart the service with the following command:

# vmon-cli --restart applmgmt

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y23M07_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8, 800-53|SC-8(2), CAT|II, CCI|CCI-002418, CCI|CCI-002422, Rule-ID|SV-256668r888526_rule, STIG-ID|VCLD-70-000024, Vuln-ID|V-256668

Plugin: Unix

Control ID: f71bd94a8d8da5f23819e6d58265a5f1764d631303227e087c5f1578b82a2424