Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-240719 | VCRP-67-000004 | SV-240719r679670_rule | | Medium |
Description |
---|
The rhttpproxy can be configured to support TLS 1.0, 1.1 and 1.2. Due to intrinsic problems in TLS 1.0 and TLS 1.1, they are disabled by default. The <protocols> block in the rhttpproxy configuration is commented out by default, and this configuration forces TLS 1.2. The block may also be set to "tls1.2" in certain upgrade scenarios, but the effect is the same. |
STIG | Date |
---|---|
VMware vSphere 6.7 RhttpProxy Security Technical Implementation Guide | 2021-03-19 |
Check Text (C-43952r679668_chk) |
---|
At the command prompt, execute the following command: `# xmllint --xpath '/config/vmacore/ssl/protocols' /etc/vmware-rhttpproxy/config.xml` Expected result: If there is no output, this is NOT a finding. If the output does not match the expected result, this is a finding. |
Fix Text (F-43911r679669_fix) |
---|
Navigate to and open /etc/vmware-rhttpproxy/config.xml. Locate the Restart the service for changes to take effect. `# vmon-cli --restart rhttpproxy` |
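
The check above, automated in Python as an added example; it is not part of the STIG or of VMware's tooling. It assumes, from the description, that an absent or commented-out block and the value "tls1.2" are both compliant and that any other value is a finding; the function names and the three sample configurations are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample configs (not taken from a real appliance).
DEFAULT_CFG = """<config><vmacore><ssl>
  <!-- <protocols>tls1.0,tls1.1,tls1.2</protocols> -->
</ssl></vmacore></config>"""
UPGRADED_CFG = """<config><vmacore><ssl>
  <protocols>tls1.2</protocols>
</ssl></vmacore></config>"""
LEGACY_CFG = """<config><vmacore><ssl>
  <protocols>tls1.0,tls1.1,tls1.2</protocols>
</ssl></vmacore></config>"""


def check_protocols(config_xml):
    """Evaluate /config/vmacore/ssl/protocols; return (is_finding, reason)."""
    # ElementTree drops XML comments while parsing, so a commented-out
    # block yields no match, as it does for the xmllint XPath query.
    root = ET.fromstring(config_xml)
    if root.tag != "config":
        return True, "root element is <%s>, expected <config>" % root.tag
    nodes = root.findall("./vmacore/ssl/protocols")
    if not nodes:
        return False, "no active <protocols> block; TLS 1.2 is forced"
    # Assumption: only the exact value "tls1.2" is compliant; an empty
    # element or any list naming another version is reported.
    values = [(n.text or "").strip() for n in nodes]
    bad = [v for v in values if v != "tls1.2"]
    if bad:
        return True, "protocols set to %r" % bad
    return False, "protocols explicitly set to tls1.2"


def check_file(path):
    with open(path, encoding="utf-8") as fh:
        return check_protocols(fh.read())


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise run the samples.
    if len(sys.argv) > 1:
        finding, reason = check_file(sys.argv[1])
        print("FINDING" if finding else "NOT A FINDING", "-", reason)
        sys.exit(1 if finding else 0)
    for name, cfg in [("default", DEFAULT_CFG), ("upgraded", UPGRADED_CFG),
                      ("legacy", LEGACY_CFG)]:
        print(name, check_protocols(cfg))
```

Run with the path /etc/vmware-rhttpproxy/config.xml as the only argument on the appliance; the exit status is 1 when the configuration is a finding.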