
V-256739

CAT II (Medium)

Envoy must be configured to operate in FIPS mode.

Rule ID

SV-256739r889155_rule

STIG

VMware vSphere 7.0 vCenter Appliance RhttpProxy Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000068, CCI-000803, CCI-002418, CCI-002450

Discussion

Envoy ships with FIPS 140-2 validated OpenSSL cryptographic libraries and is configured by default to run in FIPS mode. This module is used for all cryptographic operations performed by Envoy, including protection of data-in-transit over the client Transport Layer Security (TLS) connection.

Satisfies: SRG-APP-000014-WSR-000006, SRG-APP-000179-WSR-000111, SRG-APP-000416-WSR-000118, SRG-APP-000439-WSR-000188, SRG-APP-000179-WSR-000110

Check Content

At the command prompt, run the following command: 
 
# xmllint --xpath '/config/vmacore/ssl/fips' /etc/vmware-rhttpproxy/config.xml 
 
Expected result: 
 
<fips>true</fips> 
 
If the output does not match the expected result, this is a finding.
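
The check above as a scriptable audit, added here as an example and not part of the STIG or VMware's tooling: it evaluates the same /config/vmacore/ssl/fips path with Python's standard library and gives a distinct reason for each kind of finding (element absent, duplicated, or not exactly true). The function name check_fips and the sample XML strings are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Path from the STIG check; the lookup below mirrors /config/vmacore/ssl/fips.
CONFIG_PATH = "/etc/vmware-rhttpproxy/config.xml"


def check_fips(xml_data):
    """Return (is_finding, reason) for the rhttpproxy FIPS setting."""
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError as exc:
        return True, f"config.xml is not well-formed XML: {exc}"
    if root.tag != "config":
        return True, f"unexpected root element <{root.tag}>"
    nodes = root.findall("./vmacore/ssl/fips")
    if not nodes:
        return True, "<fips> is absent from <config>/<vmacore>/<ssl>"
    if len(nodes) > 1:
        return True, f"{len(nodes)} <fips> elements found; expected exactly one"
    value = nodes[0].text or ""
    # The STIG expects the literal output <fips>true</fips>, so compare exactly
    # (no case folding, no whitespace stripping).
    if value != "true":
        return True, f"<fips> is {value!r}, expected 'true'"
    return False, "<fips>true</fips> is set"


# Constructed sample inputs (not taken from a real appliance).
SAMPLE_COMPLIANT = "<config><vmacore><ssl><fips>true</fips></ssl></vmacore></config>"
SAMPLE_DISABLED = "<config><vmacore><ssl><fips>false</fips></ssl></vmacore></config>"
SAMPLE_MISSING = "<config><vmacore><ssl></ssl></vmacore></config>"

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else CONFIG_PATH
    try:
        # Read bytes so any XML encoding declaration is honoured by the parser.
        with open(path, "rb") as fh:
            finding, reason = check_fips(fh.read())
    except OSError as exc:
        finding, reason = True, f"cannot read {path}: {exc}"
    print(("FINDING" if finding else "NOT A FINDING") + ": " + reason)
    sys.exit(1 if finding else 0)
```

The script exits non-zero on a finding, so it can gate a compliance job directly.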

Fix Text

Navigate to and open: 
 
/etc/vmware-rhttpproxy/config.xml 
 
Locate the <config>/<vmacore>/<ssl> block and configure <fips> as follows: 
 
<fips>true</fips> 
 
Restart the service for changes to take effect. 
 
# vmon-cli --restart rhttpproxy