Information
Using older unauthorized versions or incorrectly configuring protocol negotiation makes the gateway vulnerable to known and unknown attacks that exploit vulnerabilities in this protocol.
Satisfies: SRG-APP-000014, SRG-APP-000645, SRG-APP-000156, SRG-APP-000157, SRG-APP-000219, SRG-APP-000439, SRG-APP-000440, SRG-APP-000441, SRG-APP-000442, SRG-APP-000560, SRG-APP-000565, SRG-APP-000625
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
At the command prompt on the vCenter Server Appliance, run the following commands:
# /usr/lib/vmware-TlsReconfigurator/VcTlsReconfigurator/reconfigureVc backup
# /usr/lib/vmware-TlsReconfigurator/VcTlsReconfigurator/reconfigureVc update -p TLSv1.2
vCenter services will be restarted as part of the reconfiguration. The operating system will not be restarted.
The '--no-restart' flag can be added to restart services at a later time.
Changes will not take effect until all services are restarted or the appliance is rebooted.
Note: This change should be performed on vCenter prior to ESXi.
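One way to confirm the result once services have restarted, as an added example that is not part of the benchmark or of VMware's tooling: probe the endpoint with `openssl s_client` for each protocol version and reduce the output to a verdict. It assumes that `update -p TLSv1.2` is meant to leave TLS 1.2 accepted and TLS 1.0 and 1.1 refused, and that port 443 is the endpoint of interest; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the benchmark. Host and port are supplied by the caller.

# classify_handshake TEXT: reduce `openssl s_client` output to one word.
classify_handshake() {
    case $1 in
        *"no protocols available"*|*"nknown option"*)
            echo inconclusive ;;  # the local OpenSSL cannot offer this version
        *"Cipher is (NONE)"*)
            echo refused ;;       # peer answered, no session was negotiated
        *"Cipher is "*)
            echo accepted ;;      # a cipher suite was negotiated
        *)
            echo inconclusive ;;  # no TLS answer (closed port, timeout)
    esac
}

# probe_tls HOST PORT FLAG, where FLAG is -tls1, -tls1_1 or -tls1_2.
probe_tls() {
    out=$(openssl s_client "$3" -connect "$1:$2" </dev/null 2>&1) || true
    classify_handshake "$out"
}

# tls_verdict R10 R11 R12: probe results for TLS 1.0, 1.1 and 1.2.
tls_verdict() {
    if [ "$1" = accepted ] || [ "$2" = accepted ]; then
        echo non-compliant        # an older version can still be negotiated
    elif [ "$3" != accepted ]; then
        echo tls12-unconfirmed    # TLS 1.2 itself did not complete
    elif [ "$1" = refused ] && [ "$2" = refused ]; then
        echo compliant
    else
        echo inconclusive         # repeat from a client that can offer TLS 1.0/1.1
    fi
}

# audit_endpoint HOST [PORT]; port 443 is an assumed default.
audit_endpoint() {
    tls_verdict "$(probe_tls "$1" "${2:-443}" -tls1)" \
                "$(probe_tls "$1" "${2:-443}" -tls1_1)" \
                "$(probe_tls "$1" "${2:-443}" -tls1_2)"
}

# Offline run on constructed s_client summary lines (not captured from a real host).
old=$(classify_handshake 'New, (NONE), Cipher is (NONE)')
new=$(classify_handshake 'New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384')
tls_verdict "$old" "$old" "$new"   # prints: compliant
```

An `inconclusive` result for TLS 1.0 or 1.1 usually means the probing host's own OpenSSL policy blocks those versions, so it says nothing about the appliance.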
Item Details
References: CAT|I, CCI|CCI-000068, CCI|CCI-000382, CCI|CCI-001184, CCI|CCI-001453, CCI|CCI-001941, CCI|CCI-001942, CCI|CCI-002418, CCI|CCI-002420, CCI|CCI-002421, CCI|CCI-002422, CCI|CCI-002450, Rule-ID|SV-256318r919041_rule, STIG-ID|VCSA-70-000009, Vuln-ID|V-256318
Control ID: 6d3c6145b66258584247e4c0c87a024074263047ecfc3a3617a1e8f4f91b2e83