Details

Transport Layer Security (TLS) is a required transmission protocol for a web server hosting controlled information. The use of TLS provides confidentiality of data in transit between the web server and client. FIPS 140-2 approved TLS versions must be enabled, and non-FIPS-approved SSL versions must be disabled.

VAMI comes configured to use only TLS 1.2. This configuration must be verified and maintained.

Solution

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf.

Replace any and all ‘ssl.use-*’ lines with following:

ssl.use-tlsv12 = ‘enable’
ssl.use-sslv2 = ‘disable’
ssl.use-sslv3 = ‘disable’
ssl.use-tlsv10 = ‘disable’
ssl.use-tlsv11 = ‘disable’

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.

References

• 800-53|SC-8
• CAT|I
• CCI|CCI-002418
• Rule-ID|SV-239741r679333_rule
• STIG-ID|VCLD-67-000034
• Vuln-ID|V-239741

Source

• Tenable.com/audits