The vCenter Server must use DOD-approved encryption to protect the confidentiality of network sessions.
An XCCDF Rule
Description
Using older unauthorized versions or incorrectly configuring protocol negotiation makes the gateway vulnerable to known and unknown attacks that exploit vulnerabilities in this protocol. In vCenter 8 Update 3, Transport Layer Security (TLS) Profiles were introduced that allow users to manage and configure TLS parameters for the vCenter server. Several TLS profiles are available by default but not all may be suitable for high security environments.
- ID: SV-265978r1003613_rule
- Severity: Medium
Remediation - Manual Procedure
From the vSphere Client, go to Developer Center >> API Explorer.
Select "appliance" from the "Select API" drop-down list, then scroll down to the "tls/profiles/global" section.
Expand the PUT call and enter the following in the value box: