STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 6 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide

V-240088

CAT I (High)

HAProxy must set the no-sslv3 value on all client ports.

Rule ID

SV-240088r879810_rule

STIG

VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002418

Discussion

Transport Layer Security (TLS) is a required transmission protocol for a web server hosting controlled information. The use of TLS provides confidentiality of data in transit between the web server and client. FIPS 140-2 approved TLS versions must be enabled and non-FIPS-approved SSL versions must be disabled.

Check Content

At the command prompt, execute the following command:

grep -EnR '\bbind\b.*\bssl\b' /etc/haproxy

Verify that each returned line contains the no-sslv3 value.

If any lines do not have this value, this is a finding.

Fix Text

Navigate to and open /etc/haproxy/conf.d/30-vro-config.cfg

Navigate to and configure the "frontend https-in-vro-config" section with the following value:  

bind :8283 ssl crt /opt/vmware/etc/lighttpd/server.pem ciphers FIPS:+3DES:!aNULL no-sslv3

Navigate to and open /etc/haproxy/conf.d/20-vcac.cfg

Navigate to and configure the "frontend https-in" section with the following value:  

bind 0.0.0.0:443 ssl crt /etc/apache2/server.pem ciphers FIPS:+3DES:!aNULL no-sslv3