Details
The Apache web server has several remote communications channels. Examples are user requests via http/https, communication to a backend database, and communication to authenticate users. The encryption used to communicate must match the data that is being retrieved or presented.
Methods of communication are ‘http’ for publicly displayed information, ‘https’ to encrypt when user data is being transmitted, VPN tunneling, or other encryption methods to a database.
Satisfies: SRG-APP-000014-WSR-000006, SRG-APP-000015-WSR-000014, SRG-APP-000033-WSR-000169, SRG-APP-000179-WSR-000110, SRG-APP-000179-WSR-000111, SRG-APP-000439-WSR-000152, SRG-APP-000439-WSR-000154, SRG-APP-000439-WSR-000188, SRG-APP-000442-WSR-000182
Solution
Ensure the ‘ssl_module’ is loaded in the httpd.conf file (not commented out).
Ensure the ‘SSLProtocol’ is added and looks like the following in the <'INSTALL PATH'>confhttpd.conf file:
SSLProtocol -ALL +TLSv1.2
Restart the Apache service.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Identification and Authentication, System and Communications Protection.This control applies to the following type of system Windows.
References
- 800-53|AC-3
- 800-53|AC-17(2)
- 800-53|IA-7
- 800-53|SC-8
- 800-53|SC-8(2)
- CAT|II
- CCI|CCI-000068
- CCI|CCI-000213
- CCI|CCI-000803
- CCI|CCI-001453
- CCI|CCI-002418
- CCI|CCI-002422
- Rule-ID|SV-214308r505936_rule
- STIG-ID|AS24-W1-000030
- STIG-Legacy|SV-102419
- STIG-Legacy|V-92331
- Vuln-ID|V-214308