UCF STIG Viewer Logo

VAMI must implement TLS1.2 exclusively.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239741 VCLD-67-000034 SV-239741r816831_rule High
Description
Transport Layer Security (TLS) is a required transmission protocol for a web server hosting controlled information. The use of TLS provides confidentiality of data in transit between the web server and client. FIPS 140-2 approved TLS versions must be enabled, and non-FIPS-approved SSL versions must be disabled. VAMI comes configured to use only TLS 1.2. This configuration must be verified and maintained.
STIG Date
VMware vSphere 6.7 VAMI-lighttpd Security Technical Implementation Guide 2022-01-03

Details

Check Text ( C-42974r816830_chk )
Note: The below command must be run from a bash shell and not from a shell generated by the "appliance shell". Use the "chsh" command to change the shell for the account to "/bin/bash".

At the command prompt, execute the following command:

# /opt/vmware/sbin/vami-lighttpd -p -f /opt/vmware/etc/lighttpd/lighttpd.conf|grep "ssl.use"

Expected result:

ssl.use-tlsv12 = "enable"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.use-tlsv10 = "disable"
ssl.use-tlsv11 = "disable"

If the output does not match the expected result, this is a finding.
Fix Text (F-42933r679332_fix)
Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf.

Replace any and all "ssl.use-*" lines with following:

ssl.use-tlsv12 = "enable"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.use-tlsv10 = "disable"
ssl.use-tlsv11 = "disable"