STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide

V-240272

CAT II (Medium)

Lighttpd must remove all export ciphers to transmitted information.

Rule ID

SV-240272r879810_rule

STIG

VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002418

Discussion

During the initial setup of a Transport Layer Security (TLS) connection to the web server, the client sends a list of supported cipher suites in order of preference. The Lighttpd will reply with the cipher suite it will use for communication from the client list. If an attacker can intercept the submission of cipher suites to the web server and place, as the preferred cipher suite, a weak export suite, the encryption used for the session becomes easy for the attacker to break, often within minutes to hours.

Check Content

At the command prompt, execute the following command:

grep '^ssl.cipher-list' /opt/vmware/etc/lighttpd/lighttpd.conf

If the value returned in not "ssl.cipher-list = "FIPS: +3DES:!aNULL" "or is commented out, this is a finding.

Fix Text

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf

Configure the lighttpd.conf file with the following: 

ssl.cipher-list = "FIPS: +3DES:!aNULL"