Envoy must be configured to operate in FIPS mode.

An XCCDF Rule

Details
Profiles

Description

Envoy ships with FIPS 140-2 validated OpenSSL cryptographic libraries and is configured by default to run in FIPS mode. This module is used for all cryptographic operations performed by Envoy, including protection of data-in-transit over the client Transport Layer Security (TLS) connection. Satisfies: SRG-APP-000014-WSR-000006, SRG-APP-000179-WSR-000111, SRG-APP-000416-WSR-000118, SRG-APP-000439-WSR-000188, SRG-APP-000179-WSR-000110

ID: SV-256739r889155_rule
Version: VCRP-70-000003
Severity: Medium
References: CCI-000068 CCI-000803 CCI-002418 CCI-002450
Updated: about 2 months ago

Remediation Templates

Navigate to and open: 
 
/etc/vmware-rhttpproxy/config.xml 
 
Locate the <config>/<vmacore>/<ssl> block and configure <fips> as follows: 
 <fips>true</fips> 
 
Restart the service for changes to take effect. 
 
# vmon-cli --restart rhttpproxy

Envoy must be configured to operate in FIPS mode.

Description

Remediation Templates

A Manual Procedure