VCRP-67-000004 - The rhttpproxy must use cryptography to protect the integrity of remote sessions.

Gavin M. Dennis

22 April 2022 15:07

Details

The rhttpproxy can be configured to support TLS 1.0, 1.1 and 1.2. Due to intrinsic problems in TLS 1.0 and TLS 1.1, they are disabled by default. The block in the rhttproxy configuration is commented out by default, and this configuration forces TLS 1.2. The block may also be set to 'tls1.2' in certain upgrade scenarios, but the effect is the same.

Solution

Navigate to and open /etc/vmware-rhttpproxy/config.xml.

Locate the // block and configure as follows:

tls1.2

Restart the service for changes to take effect.

# vmon-cli --restart rhttpproxy

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

800-53|AC-17(2)
CAT|II
CCI|CCI-001453
Rule-ID|SV-240719r679670_rule
STIG-ID|VCRP-67-000004
Vuln-ID|V-240719

Source

Tenable.com/audits

PS. Before you go.

Request a quote to protect your organisation from cyber attacks and breaches.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section