Submit a ticketCall us

Systems Monitoring for Dummies
Our new eBook will teach you the fundamentals and help you create monitors and alerts that are effective, meaningful, and actionable. Monitoring is more than a checkbox on your to-do list. This free eBook will give you practical advice to help you succeed in all aspects of monitoring – discovery, alerting, remediation, and troubleshooting. Don’t miss out on this indispensable resource for newbies, experienced IT pros, and everyone in between. Register Now.

Home > Success Center > Virtualization Manager (VMAN) > Protect against POODLE vulnerability on Virtualization Manager

Protect against POODLE vulnerability on Virtualization Manager

Table of contents
Created by Interspire Import, last modified by MindTouch on Jun 23, 2016

Views: 144 Votes: 0 Revisions: 11

This article applies to Virtualization Manager. For information about protecting against the Poodle security vulnerability (CVE-2014-3566) on VIM, see the general KB article, KB5998.

To disable SSLv3 for Virtualization Manager, modify the configuration of Tomcat and lighttpd.

Tomcat

To modify the Tomcat configuration of the Virtualization Manager user interface:
  1. Open the /usr/share/tomcat/conf/server.xml file, and then search for the line which reads sslProtocol="TLS".
  2. Insert the following string to a new line underneath:
    sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
  3. Save the file.

Lighttpd

SSLv3 support cannot be turned off for the currently used version of lighttpd, but you can disable the vulnerable CBC mode of SSLv3.

To modify the lighttpd configuration of the Virtualization Manager management console:

  1. Open the /opt/vmware/etc/lighttpd/lighttpd.conf file.
  2. Replace the cipher list at the end of the file with the following list:
    ssl.cipher-list = "TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!KRB5-DES-CBC3-MD5:!KRB5-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!EDH-DSS-DES-CBC3-SHA:!DES-CBC3-SHA:!AES128-SHA:!AES256-SHA:!aNULL:!eNULL"
  3. Save the file.
Last modified

Tags

Classifications

Public