Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) Security Technical Implementation Guide
SRG-APP-000516-WSR-000174
The vCenter VAMI service must enable honoring the SSL cipher order.
The vCenter VAMI service must enable honoring the SSL cipher order.
An XCCDF Rule
Details
Profiles
Prose
The vCenter VAMI service must enable honoring the SSL cipher order.
Medium Severity
<VulnDiscussion>During a Transport Layer Security (TLS) session negotiation, when choosing a cipher during a handshake, normally the client's preference is used. This is potentially problematic as a malicious, dated, or poorly configured client could select the most insecure cipher offered by the server, even if it supports stronger ones. If "ssl.honor-cipher-order" is enabled, the "ssl.cipher-list" setting will be treated as an ordered list of cipher values from most preferred to least, left to right.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>