Details

The SSLEnabled setting determines if SSL is enabled for a specific Connector. It is recommended that SSL be utilized for any Connector that sends or receives sensitive information, such as authentication credentials or personal information.

Solution

In server.xml, set the SSLEnabled attribute to true for each Connector that sends or receives sensitive information.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/266

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.

References

• 800-53|SC-13

Source

• Tenable.com/audits