VAMI must implement Transport Layer Security (TLS) 1.2 exclusively.

An XCCDF Rule

Description

TLS is a required transmission protocol for a web server hosting controlled information. The use of TLS provides confidentiality of data in transit between the web server and client. FIPS 140-2 approved TLS versions must be enabled, and non-FIPS-approved Secure Sockets Layer (SSL) versions must be disabled. VAMI comes configured to use only TLS 1.2. This configuration must be verified and maintained. Satisfies: SRG-APP-000439-WSR-000156, SRG-APP-000442-WSR-000182

ID: SV-256668r888526_rule
Version: VCLD-70-000024
Severity: Medium
References: CCI-002418 CCI-002422
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/opt/vmware/etc/lighttpd/lighttpd.conf

Replace all "ssl.use-*" lines with the following:
ssl.use-sslv2="disable"
ssl.use-sslv3="disable"
ssl.use-tlsv10="disable"
ssl.use-tlsv11="disable"
ssl.use-tlsv12="enable"

Restart the service with the following command:

# vmon-cli --restart applmgmt

VAMI must implement Transport Layer Security (TLS) 1.2 exclusively.

Description

Remediation Templates

A Manual Procedure