VAMI must implement Transport Layer Security (TLS) 1.2 exclusively.

An XCCDF Rule

Description

<VulnDiscussion>TLS is a required transmission protocol for a web server hosting controlled information. The use of TLS provides confidentiality of data in transit between the web server and client. FIPS 140-2 approved TLS versions must be enabled, and non-FIPS-approved Secure Sockets Layer (SSL) versions must be disabled. VAMI comes configured to use only TLS 1.2. This configuration must be verified and maintained. Satisfies: SRG-APP-000439-WSR-000156, SRG-APP-000442-WSR-000182</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256668r888526_rule
Severity: Medium
References: CCI-002418 CCI-002422
Updated: 8 months ago

Navigate to and open:

/opt/vmware/etc/lighttpd/lighttpd.conf

Replace all "ssl.use-*" lines with the following:
ssl.use-sslv2="disable"
ssl.use-sslv3="disable"
ssl.use-tlsv10="disable"
ssl.use-tlsv11="disable"
ssl.use-tlsv12="enable"

Restart the service with the following command:

# vmon-cli --restart applmgmt

VAMI must implement Transport Layer Security (TLS) 1.2 exclusively.

Description

Remediation - Manual Procedure