Submit a ticketCall us

Systems Monitoring for Dummies
Our new eBook will teach you the fundamentals and help you create monitors and alerts that are effective, meaningful, and actionable. Monitoring is more than a checkbox on your to-do list. This free eBook will give you practical advice to help you succeed in all aspects of monitoring – discovery, alerting, remediation, and troubleshooting. Don’t miss out on this indispensable resource for newbies, experienced IT pros, and everyone in between. Register Now.

Home > Success Center > Virtualization Manager (VMAN) > Disable SSLv3 on VMAN

Disable SSLv3 on VMAN

Table of contents
Created by Roger Lofamia, last modified by Chris.Moyer on Dec 13, 2017

Views: 91 Votes: 0 Revisions: 7

Updated: December 13, 2017 

Overview

This article provides steps on how to disable SSLv3 on the VMAN website. Use this procedure in order to reduce the number of devices in your environment that uses SSLv3 and would like to disable SSLv3 on VMAN.

Environment

  • VMAN 6.3.1
  • VMAN 6.3.0

Steps

Tomcat (VMan UI):

Note: Virtual Appliance uses Tomcat and lighttpd

  1. Edit the /usr/share/tomcat/conf/server.xml file nd find the line which reads sslProtocol="TLS".
  2. Insert the following string to a new line underneath:
    sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
  3. Save the file.
     

lighttpd (VMan Management Console):

Note: It is not possible to turn off the SSLv3 support for this version of lighttpd. It is possible to disable the vulnerable CBC mode of SSLv3 though:

  1. Open the /opt/vmware/etc/lighttpd/lighttpd.conf file.
  2. Replace the cipher list at the end of the file with the following list:
    ssl.cipher-list = "TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!KRB5-DES-CBC3-MD5:!KRB5-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!EDH-DSS-DES-CBC3-SHA:!DES-CBC3-SHA:!AES128-SHA:!AES256-SHA:!aNULL:!eNULL"
  3. Save the file.
Last modified

Tags

Classifications

Public