VAMI must be configured with FIPS 140-2 compliant ciphers for HTTPS connections.

An XCCDF Rule

Description

<VulnDiscussion>Encryption of data in flight is an essential element of protecting information confidentiality. If a web server uses weak or outdated encryption algorithms, the server's communications could be compromised. The U.S. Federal Information Processing Standards (FIPS) publication 140-2, Security Requirements for Cryptographic Modules (FIPS 140-2), identifies 11 areas for a cryptographic module used inside a security system that protects information. FIPS 140-2 approved ciphers provide the maximum level of encryption possible for a private web server. VAMI is compiled to use VMware's FIPS-validated OpenSSL module and cannot be configured otherwise. Ciphers may still be specified in order of preference, but no non-FIPS approved ciphers will be implemented. Satisfies: SRG-APP-000014-WSR-000006, SRG-APP-000416-WSR-000118, SRG-APP-000439-WSR-000188</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256646r888460_rule
Severity: High
References: CCI-000068 CCI-002418 CCI-002450
Updated: 8 months ago

Navigate to and open:

/etc/applmgmt/appliance/lighttpd.conf

Add or reconfigure the following value:
ssl.cipher-list                   = "!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES"

Restart the service with the following command:

# vmon-cli --restart applmgmt

VAMI must be configured with FIPS 140-2 compliant ciphers for HTTPS connections.

Description

Remediation - Manual Procedure