The vCenter Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.

An XCCDF Rule

Description

Using older unauthorized versions or incorrectly configuring protocol negotiation makes the gateway vulnerable to known and unknown attacks that exploit vulnerabilities in this protocol. Satisfies: SRG-APP-000014, SRG-APP-000645, SRG-APP-000156, SRG-APP-000157, SRG-APP-000219, SRG-APP-000439, SRG-APP-000440, SRG-APP-000441, SRG-APP-000442, SRG-APP-000560, SRG-APP-000565, SRG-APP-000625

ID: SV-256318r919041_rule
Version: VCSA-70-000009
Severity: High
References: CCI-000068 CCI-000382 CCI-001184 CCI-001453 CCI-001941 CCI-001942 CCI-002418 CCI-002420 CCI-002421 CCI-002422 CCI-002450
Updated: about 2 months ago

Remediation Templates

At the command prompt on the vCenter Server Appliance, run the following commands:

# /usr/lib/vmware-TlsReconfigurator/VcTlsReconfigurator/reconfigureVc backup

# /usr/lib/vmware-TlsReconfigurator/VcTlsReconfigurator/reconfigureVc update -p TLSv1.2
vCenter services will be restarted as part of the reconfiguration. The operating system will not be restarted.

The "--no-restart" flag can be added to restart services at a later time.

Changes will not take effect until all services are restarted or the appliance is rebooted.

Note: This change should be performed on vCenter prior to ESXi.

The vCenter Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.

Description

Remediation Templates

A Manual Procedure