UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

tc Server HORIZON must be configured with FIPS 140-2 compliant ciphers for HTTPS connections.


Overview

Finding ID Version Rule ID IA Controls Severity
V-240737 VRAU-TC-000065 SV-240737r879519_rule Medium
Description
Encryption of data-in-flight is an essential element of protecting information confidentiality. If a web server uses weak or outdated encryption algorithms, then the server's communications can potentially be compromised. The US Federal Information Processing Standards (FIPS) publication 140-2, Security Requirements for Cryptographic Modules (FIPS 140-2) identifies eleven areas for a cryptographic module used inside a security system that protects information. FIPS 140-2 approved ciphers provide the maximum level of encryption possible for a private web server. Configuration of ciphers used by tc Server are set in the catalina.properties file. Only those ciphers specified in the configuration file, and which are available in the installed OpenSSL library, will be used by tc Server while encrypting data for transmission.
STIG Date
VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide 2023-10-03

Details

Check Text ( C-43970r674391_chk )
At the command prompt, execute the following command:

grep bio-ssl.cipher.list /opt/vmware/horizon/workspace/conf/catalina.properties

If the value of "bio-ssl.cipher.list" does not match the list of FIPS 140-2 ciphers or is missing, this is a finding.

Note: To view a list of FIPS 140-2 ciphers, at the command prompt execute the following command:

openssl ciphers 'FIPS'
Fix Text (F-43929r673954_fix)
Navigate to and open /opt/vmware/horizon/workspace/conf/catalina.properties.

Navigate to and locate "bio-ssl.cipher.list".

Configure the "bio-ssl.cipher.list" with FIPS 140-2 compliant ciphers.