Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Virtualization Manager (VMAN) > Disable SSLv3 on VMAN

Disable SSLv3 on VMAN

Table of contents
Created by Roger Lofamia, last modified by MindTouch on Jun 23, 2016

Views: 63 Votes: 0 Revisions: 4

Overview

This article provides steps on how to disable SSLv3 on VMAN. Use this procedure in order to reduce the number of devices in your environment that uses SSLv3 and would like to disable SSLv3 on VMAN.

Environment

  • VMAN 6.3.1
  • VMAN 6.3.0

Steps

Tomcat (VMan UI):

Note: Virtual Appliance uses Tomcat and lighttpd

  1. Edit the /usr/share/tomcat/conf/server.xml file nd find the line which reads sslProtocol="TLS".
  2. Insert the following string to a new line underneath:
    sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
  3. Save the file.
     

lighttpd (VMan Management Console):

Note: It is not possible to turn off the SSLv3 support for this version of lighttpd. It is possible to disable the vulnerable CBC mode of SSLv3 though:

  1. Open the /opt/vmware/etc/lighttpd/lighttpd.conf file.
  2. Replace the cipher list at the end of the file with the following list:
    ssl.cipher-list = "TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!KRB5-DES-CBC3-MD5:!KRB5-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!EDH-DSS-DES-CBC3-SHA:!DES-CBC3-SHA:!AES128-SHA:!AES256-SHA:!aNULL:!eNULL"
  3. Save the file.
Last modified
04:08, 23 Jun 2016

Tags

Classifications

Public