The rhttpproxy must be configured to operate solely with FIPS ciphers.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-240718 | VCRP-67-000003 | SV-240718r679667_rule | Medium |
| Description |
|---|
| The rhttpproxy ships with FIPS 140-2 validated OpenSSL cryptographic libraries and is configured by default to run in FIPS mode. This module is used for all crypto operations performed by rhttproxy, including protection of data-in-transit over the client TLS connection. |
| STIG | Date |
|---|---|
| VMware vSphere 6.7 RhttpProxy Security Technical Implementation Guide | 2022-01-03 |
Details
| Check Text ( C-43951r679665_chk ) |
|---|
| At the command prompt, execute the following command: # xmllint --xpath '/config/vmacore/ssl/fips' /etc/vmware-rhttpproxy/config.xml Expected result: If the output does not match the expected result, this is a finding. |
| Fix Text (F-43910r679666_fix) |
|---|
| Navigate to and open /etc/vmware-rhttpproxy/config.xml. Locate the Restart the service for changes to take effect. # vmon-cli --restart rhttpproxy |